Nanako/openwrt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Nanako:v19.07.5
Branches Tags
Nanako:main Nanako:openwrt-24.10 Nanako:openwrt-23.05 Nanako:master Nanako:openwrt-22.03 Nanako:openwrt-21.02 Nanako:openwrt-19.07 Nanako:openwrt-18.06 Nanako:lede-17.01
Nanako:v24.10.0 Nanako:v24.10.0-rc7 Nanako:v24.10.0-rc6 Nanako:v24.10.0-rc5 Nanako:v24.10.0-rc4 Nanako:v24.10.0-rc3 Nanako:v24.10.0-rc2 Nanako:v24.10.0-rc1 Nanako:v23.05.5 Nanako:v22.03.7 Nanako:v23.05.4 Nanako:v23.05.3 Nanako:v22.03.6 Nanako:v23.05.2 Nanako:v23.05.1 Nanako:v23.05.0 Nanako:v23.05.0-rc4 Nanako:v23.05.0-rc3 Nanako:v23.05.0-rc2 Nanako:v23.05.0-rc1 Nanako:v21.02.7 Nanako:v22.03.5 Nanako:v21.02.6 Nanako:v22.03.4 Nanako:v22.03.3 Nanako:v21.02.5 Nanako:v22.03.2 Nanako:v22.03.1 Nanako:v21.02.4 Nanako:v22.03.0 Nanako:v22.03.0-rc6 Nanako:v22.03.0-rc5 Nanako:v22.03.0-rc4 Nanako:v22.03.0-rc3 Nanako:v22.03.0-rc2 Nanako:v22.03.0-rc1 Nanako:v21.02.3 Nanako:v19.07.10 Nanako:v19.07.9 Nanako:v21.02.2 Nanako:v21.02.1 Nanako:v21.02.0 Nanako:v21.02.0-rc4 Nanako:v19.07.8 Nanako:v21.02.0-rc3 Nanako:v21.02.0-rc2 Nanako:v21.02.0-rc1 Nanako:v19.07.7 Nanako:v19.07.6 Nanako:v19.07.5 Nanako:v18.06.9 Nanako:v19.07.4 Nanako:v19.07.3 Nanako:v19.07.2 Nanako:v18.06.8 Nanako:v18.06.7 Nanako:v19.07.1 Nanako:v19.07.0 Nanako:v18.06.6 Nanako:v19.07.0-rc2 Nanako:v18.06.5 Nanako:v19.07.0-rc1 Nanako:v18.06.4 Nanako:v18.06.3 Nanako:v17.01.7 Nanako:v18.06.2 Nanako:v17.01.6 Nanako:v18.06.1 Nanako:v18.06.0 Nanako:v17.01.5 Nanako:v18.06.0-rc2 Nanako:v18.06.0-rc1 Nanako:v17.01.4 Nanako:v17.01.3 Nanako:v17.01.2 Nanako:v17.01.1 Nanako:v17.01.0 Nanako:v17.01.0-rc2 Nanako:v17.01.0-rc1 Nanako:reboot
..
compare: Nanako:v19.07.6
Branches Tags
Nanako:openwrt-24.10 Nanako:openwrt-23.05 Nanako:main Nanako:master Nanako:openwrt-22.03 Nanako:openwrt-21.02 Nanako:openwrt-19.07 Nanako:openwrt-18.06 Nanako:lede-17.01
Nanako:v24.10.0 Nanako:v24.10.0-rc7 Nanako:v24.10.0-rc6 Nanako:v24.10.0-rc5 Nanako:v24.10.0-rc4 Nanako:v24.10.0-rc3 Nanako:v24.10.0-rc2 Nanako:v24.10.0-rc1 Nanako:v23.05.5 Nanako:v22.03.7 Nanako:v23.05.4 Nanako:v23.05.3 Nanako:v22.03.6 Nanako:v23.05.2 Nanako:v23.05.1 Nanako:v23.05.0 Nanako:v23.05.0-rc4 Nanako:v23.05.0-rc3 Nanako:v23.05.0-rc2 Nanako:v23.05.0-rc1 Nanako:v21.02.7 Nanako:v22.03.5 Nanako:v21.02.6 Nanako:v22.03.4 Nanako:v22.03.3 Nanako:v21.02.5 Nanako:v22.03.2 Nanako:v22.03.1 Nanako:v21.02.4 Nanako:v22.03.0 Nanako:v22.03.0-rc6 Nanako:v22.03.0-rc5 Nanako:v22.03.0-rc4 Nanako:v22.03.0-rc3 Nanako:v22.03.0-rc2 Nanako:v22.03.0-rc1 Nanako:v21.02.3 Nanako:v19.07.10 Nanako:v19.07.9 Nanako:v21.02.2 Nanako:v21.02.1 Nanako:v21.02.0 Nanako:v21.02.0-rc4 Nanako:v19.07.8 Nanako:v21.02.0-rc3 Nanako:v21.02.0-rc2 Nanako:v21.02.0-rc1 Nanako:v19.07.7 Nanako:v19.07.6 Nanako:v19.07.5 Nanako:v18.06.9 Nanako:v19.07.4 Nanako:v19.07.3 Nanako:v19.07.2 Nanako:v18.06.8 Nanako:v18.06.7 Nanako:v19.07.1 Nanako:v19.07.0 Nanako:v18.06.6 Nanako:v19.07.0-rc2 Nanako:v18.06.5 Nanako:v19.07.0-rc1 Nanako:v18.06.4 Nanako:v18.06.3 Nanako:v17.01.7 Nanako:v18.06.2 Nanako:v17.01.6 Nanako:v18.06.1 Nanako:v18.06.0 Nanako:v17.01.5 Nanako:v18.06.0-rc2 Nanako:v18.06.0-rc1 Nanako:v17.01.4 Nanako:v17.01.3 Nanako:v17.01.2 Nanako:v17.01.1 Nanako:v17.01.0 Nanako:v17.01.0-rc2 Nanako:v17.01.0-rc1 Nanako:reboot

21 Commits
v19.07.5 ... v19.07.6

Author SHA1 Message Date
Hauke Mehrtens
b12284a14c OpenWrt v19.07.6: adjust config defaults 
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2021-01-19 15:12:19 +01:00
Hauke Mehrtens
8055e38794 dnsmasq: Backport some security updates 
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 is susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2021-01-19 14:10:02 +01:00
Hauke Mehrtens
733e62a8e1 uboot-at91: Add PKG_MIRROR_HASH to fix download 
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 20a7c9d5c9)
 2021-01-18 22:13:08 +01:00
Hauke Mehrtens
53814dadaf at91bootstrap: Add PKG_MIRROR_HASH to fix download 
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a141e7a00e)
 2021-01-18 22:12:21 +01:00
Rosen Penev
e30d3ea95f mbedtls: update to 2.16.9 
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f13b623f5e)
 2021-01-18 01:42:26 +01:00
Hauke Mehrtens
c7b9c85819 kernel: bump 4.14 to 4.14.215 
Refreshed all patches.

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2021-01-17 17:21:00 +01:00
Hauke Mehrtens
c9388fa986 kernel: bump 4.14 to 4.14.214 
Refreshed all patches.

Removed patches because included in upstream:
- 499-mtd-parser-cmdline-Fix-parsing-of-part-names-with-co.patch
- 0071-2-PCI-qcom-Fixed-IPQ806x-PCIE-reset-changes.patch

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2021-01-12 23:55:26 +01:00
Hauke Mehrtens
e290024717 glibc: update to latest 2.27 commit 
daf88b1dd1 Add NEWS entry for CVE-2020-6096 (bug 25620)
b29853702e arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
bad8d5ff60 arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
d64ad0a517 Fix use-after-free in glob when expanding ~user (bug 25414)
34ce87638c Fix array overflow in backtrace on PowerPC (bug 25423)
0df8ecff9e misc/test-errno-linux: Handle EINVAL from quotactl
26f5442ec1 <string.h>: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232]
4b64a4245c intl/tst-gettext: fix failure with newest msgfmt
dc7f51bda9 aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]
8edc96aa33 aarch64: add HWCAP_ATOMICS to HWCAP_IMPORTANT
599ebfacc0 aarch64: Remove HWCAP_CPUID from HWCAP_IMPORTANT

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2021-01-01 14:31:49 +01:00
Paul Spooren
2c37993c8a build/prereq: merge ifndef IB block together 
Multiple prereq checks are only required within the build system but not
for the ImageBuilder. These checks are excluded by using ifndef IB.

This commit merges the three ifndef IB blocks together.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit cc9d5b5a48)
 2020-12-31 09:33:07 -10:00
Sven Roederer
79b1fa1702 build, imagebuilder: Do not require compilers 
The buildroot and SDK both require the compilers (gcc, g++) to be
installed on the host system, however the ImageBuilder uses precompiled
binaries.

This patch changes the prerequirements checks to skip the checking for
the compilers if running as ImageBuilder. A similar change has been
made for libncurses-dev in 4a1a58a3e2.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Acked-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit ae12a747ca)
 2020-12-31 09:32:33 -10:00
Paul Spooren
58138df2d5 build, imagebuilder: Do not require libncurses-dev 
The buildroot and SDK both require `libncurses-dev` to be installed on
the system, however the ImageBuilder uses precompiled binaries.

This patch changes the prerequirements checks to skip the
`libncurses-dev` part if running as ImageBuilder.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 4a1a58a3e2)
 2020-12-31 09:31:54 -10:00
Paul Spooren
42e478eb0d build/json: add filesystem information 
Some images are created using different filesystems, most popular
squashfs and ext4. To allow downstream projects to distinguesh between
those, add the `filesystem` information to created json files.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit bc0ffff36a)
 2020-12-17 11:16:36 -10:00
Petr Štetiar
b14eeccdfe ath79: image: fix initramfs for safeloader devices 
Currently it's not possible to tftpboot initramfs image on archer-c7-v5
as the image contains tplink-v1-header which leads to:

 ath> bootm
 ## Booting image at 81000000 ...
 Bad Magic Number

as U-Boot expects uImage wrapped image. This is caused by following
inheritance issue:

  define Device/Init
    KERNEL_INITRAMFS = $$(KERNEL)

  define Device/tplink-v1
    KERNEL := kernel-bin | append-dtb | lzma
    KERNEL_INITRAMFS := kernel-bin | append-dtb | lzma | tplink-v1-header

  define Device/tplink-safeloader
    $(Device/tplink-v1)

  define Device/tplink-safeloader-uimage
    $(Device/tplink-safeloader)
    KERNEL := kernel-bin | append-dtb | lzma | uImageArcher lzma

  define Device/tplink_archer-c7-v5
    $(Device/tplink-safeloader-uimage)

where tplink-v1 defines KERNEL_INITRAMFS with tplink-v1-header and it's
then used by all devices inheriting from tplink-safeloader. Fix this by
overriding KERNEL_INITRAMFS to KERNEL variable again.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ceeece9ffa)
 2020-12-17 15:51:43 +01:00
Hauke Mehrtens
cb58c7fe73 kernel: bump 4.14 to 4.14.212 
Refreshed all patches.

Removed patches because included in upstream:
- 315-v5.10-usbnet-ipeth-fix-connectivity-with-ios-14.patch

Compile-tested on: ipq40xx, ath79, x86/64
Runtime-tested on: ipq40xx, ath79

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2020-12-16 22:23:52 +01:00
Hauke Mehrtens
fb52c40531 wireless-regdb: Update to version 2020.11.20 
9efa1da wireless-regdb: update regulatory rules for Egypt (EG)
ede87f5 wireless-regdb: restore channel 12 & 13 limitation in the US
5bcafa3 wireless-regdb: Update regulatory rules for Croatia (HR)
4e052f1 wireless-regdb: Update regulatory rules for Pakistan (PK) on 5GHz
f9dfc58 wireless-regdb: update 5.8 GHz regulatory rule for GB
c19aad0 wireless-regdb: Update regulatory rules for Kazakhstan (KZ)
07057d3 wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 94d1b2508c)
 2020-12-16 22:23:52 +01:00
Petr Štetiar
7711a5906a wireless-regdb: bump to latest release 2020-04-29 
Update to latest release.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 493eef5b27)
 2020-12-16 21:32:27 +01:00
Eneas U de Queiroz
c03f018220 openssl: update to 1.1.1i 
Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 882ca13d92)
 2020-12-16 21:31:52 +01:00
Hauke Mehrtens
0a59e2a76e mac80211: Update to version 4.19.161-1 
The removed patches were applied upstream.

The changes to 357-mac80211-optimize-skb-resizing.patch are more
complex. I think the patch already took care of the new changes done
upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2020-12-11 20:20:16 +01:00
Davide Fioravanti
3f5fecfd33 ramips: enable LED VCC for Asus RT-AC51U 
Previously only the power LED was working.
With this patch all leds except 5GHz are working.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
[rephrased commit title, drop status property]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 67d019ac94)
 2020-12-10 13:41:10 +01:00
David Bauer
d0b8be75ff generic: ipeth: fix iOS 14 tethering 
This fixes tethering with devices using iOS 14. Prior to this patch,
connections to remote endpoints were not possible while data transfers
between the OpenWrt device and the iOS endpoints worked fine.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f64496f30f)
 2020-12-07 04:21:14 +01:00
Hauke Mehrtens
bdc2f19f9d OpenWrt v19.07.5: revert to branch defaults 
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2020-12-07 00:51:12 +01:00
110 changed files with 2548 additions and 1488 deletions
Expand all files Collapse all files

4
feeds.conf.default
View File

@@ -1,5 +1,5 @@
src-git packages https://git.openwrt.org/feed/packages.git^2974079d3db786fe5da00c10f1d80e79b0112093
src-git luci https://git.openwrt.org/project/luci.git^51f55b58b75b189f4f8810a827ca27a959e2192d
src-git packages https://git.openwrt.org/feed/packages.git^ce5a4eaea218111350e05ea86de8171344a70ce4
src-git luci https://git.openwrt.org/project/luci.git^6ba9740b61a3ca89355ae1b08f0456617e0ce3c0
src-git routing https://git.openwrt.org/feed/routing.git^02b4dbfcb7b8f8b566940847d22d5a6f229d2e66
src-git telephony https://git.openwrt.org/feed/telephony.git^6e019c94d0fa7162548d528bf4ba060a61f8cb59
src-git freifunk https://github.com/freifunk/openwrt-packages.git^73454e6fe1bdc902c69ca0079d979fdb94d6fb1f

1
include/image.mk
View File

@@ -534,6 +534,7 @@ define Device/Build/image
BIN_DIR="$(BIN_DIR)" \
IMAGE_NAME="$(IMAGE_NAME)" \
IMAGE_TYPE=$(word 1,$(subst ., ,$(2))) \
IMAGE_FILESYSTEM="$(1)" \
IMAGE_PREFIX="$(IMAGE_PREFIX)" \
DEVICE_TITLE="$(DEVICE_TITLE)" \
DEVICE_PACKAGES="$(DEVICE_PACKAGES)" \

4
include/kernel-version.mk
View File

@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
endif
LINUX_VERSION-4.14 = .209
LINUX_VERSION-4.14 = .215
LINUX_KERNEL_HASH-4.14.209 = cb02465cc8f1972cc14707b25d779c8668d220c39e68a24bb23afd4c58182b9c
LINUX_KERNEL_HASH-4.14.215 = 9a844e290c61b39dd23df507ba1d9c2b2b4365e5993a978b19f1eb5610b926da
remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))

2
include/prereq-build.mk
View File

@@ -26,6 +26,7 @@ $(eval $(call TestHostCommand,proper-umask, \
Please build with umask 022 - other values produce broken packages, \
umask | grep -xE 0?0[012][012]))
ifndef IB
$(eval $(call SetupHostCommand,gcc, \
Please install the GNU C Compiler (gcc) 4.8 or later, \
$(CC) -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?|10\.?)', \
@@ -55,6 +56,7 @@ $(eval $(call TestHostCommand,ncurses, \
Please install ncurses. (Missing libncurses.so or ncurses.h), \
echo 'int main(int argc, char **argv) { initscr(); return 0; }' | \
gcc -include ncurses.h -x c -o $(TMP_DIR)/a.out - -lncurses))
endif # IB
ifeq ($(HOST_OS),Linux)
zlib_link_flags := -Wl,-Bstatic -lz -Wl,-Bdynamic

6
include/version.mk
View File

@@ -26,13 +26,13 @@ PKG_CONFIG_DEPENDS += \
sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),19.07.5)
VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),19.07.6)
VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r11257-5090152ae3)
VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r11278-8055e38794)
VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/releases/19.07.5)
VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/releases/19.07.6)
VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

2
package/base-files/image-config.in
View File

@@ -183,7 +183,7 @@ if VERSIONOPT
config VERSION_REPO
string
prompt "Release repository"
default "http://downloads.openwrt.org/releases/19.07.5"
default "http://downloads.openwrt.org/releases/19.07.6"
help
This is the repository address embedded in the image, it defaults
to the trunk snapshot repo; the url may contain the following placeholders:

1
package/boot/at91bootstrap/Makefile
View File

@@ -14,6 +14,7 @@ PKG_RELEASE:=
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/linux4sam/at91bootstrap.git
PKG_MIRROR_HASH:=783100ce586460b8230f7b5b56cbc2e6473b888f38330c1d1b64777e3ae59473
PKG_SOURCE_VERSION:=04efa5500d60a0211d14b6ee60df7ce0a828704d
PKG_BUILD_DIR = \

1
package/boot/uboot-at91/Makefile
View File

@@ -12,6 +12,7 @@ PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/linux4sam/u-boot-at91.git
PKG_MIRROR_HASH:=03ae55f16e716c2c06481372174f9d8506fa077459bf321a024e0d23a9bb013a
PKG_SOURCE_VERSION:=59f202622154f82e708a6ca2bf86350a5c1b2d33
include $(INCLUDE_DIR)/u-boot.mk

4
package/firmware/wireless-regdb/Makefile
View File

@@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=wireless-regdb
PKG_VERSION:=2019.06.03
PKG_VERSION:=2020.11.20
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/software/network/wireless-regdb/
PKG_HASH:=cd917ed86b63ce8d93947979f1f18948f03a4ac0ad89ec25227b36ac00dc54bf
PKG_HASH:=b4164490d82ff7b0086e812ac42ab27baf57be24324d4c0ee1c5dd6ba27f2a52
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>

58
package/firmware/wireless-regdb/patches/010-regdb-fix-compatibility-with-python2.patch
View File

@@ -1,58 +0,0 @@
From 651e39dee8605995b736b6056c6f7dc5c5a9c948 Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@intel.com>
Date: Thu, 22 Aug 2019 21:46:27 +0200
Subject: [PATCH] regdb: fix compatibility with python2
Various changes in the commit mentioned below broke
compatibility with python2. Restore it in a way that
makes it worth with both versions.
Fixes: f3c4969c2485 ("wireless-regdb: make scripts compatible with Python 3")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
db2bin.py | 2 +-
db2fw.py | 2 +-
dbparse.py | 3 +--
3 files changed, 3 insertions(+), 4 deletions(-)
--- a/db2bin.py
+++ b/db2bin.py
@@ -118,7 +118,7 @@ reg_country_ptr.set()
for alpha2 in countrynames:
coll = countries[alpha2]
# struct regdb_file_reg_country
- output.write(struct.pack('>BBxBI', alpha2[0], alpha2[1], coll.dfs_region, reg_rules_collections[coll.permissions]))
+ output.write(struct.pack('>2sxBI', alpha2, coll.dfs_region, reg_rules_collections[coll.permissions]))
if len(sys.argv) > 3:
--- a/db2fw.py
+++ b/db2fw.py
@@ -85,7 +85,7 @@ countrynames = list(countries)
countrynames.sort()
for alpha2 in countrynames:
coll = countries[alpha2]
- output.write(struct.pack('>BB', alpha2[0], alpha2[1]))
+ output.write(struct.pack('>2s', alpha2))
country_ptrs[alpha2] = PTR(output)
output.write(b'\x00' * 4)
--- a/dbparse.py
+++ b/dbparse.py
@@ -1,6 +1,5 @@
#!/usr/bin/env python
-from builtins import bytes
from functools import total_ordering
import sys, math
from math import ceil, log
@@ -359,7 +358,7 @@ class DBParser(object):
for cname in cnames:
if len(cname) != 2:
self._warn("country '%s' not alpha2" % cname)
- cname = bytes(cname, 'ascii')
+ cname = cname.encode('ascii')
if not cname in self._countries:
self._countries[cname] = Country(dfs_region, comments=self._comments)
self._current_countries[cname] = self._countries[cname]

47
package/firmware/wireless-regdb/patches/600-wireless-regdb-Fix-overlapping-ranges-for-Switzerlan.patch
View File

@@ -1,47 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@strongswan.org>
Date: Tue, 2 Jul 2019 16:19:44 +0200
Subject: [PATCH] wireless-regdb: Fix overlapping ranges for Switzerland and
Liechtenstein
The commit referenced below changes the 5GHz frequency range 5250-5330
to 5150-5330, making that range overlapping with the existing range
5170-5250. This imposes DFS limitations and a reduced maximum power
level for the range 5170-5250.
The change of the frequency range seems not intentional. Instead the
commit should have changed the 5170-5250 range to 5150-5250, and the
5250-5330 range to 5250-5350 (see [1]).
[1] https://www.ofcomnet.ch/api/rir/1010/05
Fixes: 957a7cff72a3 ("wireless-regdb: update regulatory rules for Switzerland (CH), and Liechtenstein (LI) on 5GHz")
Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
diff --git a/db.txt b/db.txt
index d47ab94c3aa5..37393e6a793e 100644
--- a/db.txt
+++ b/db.txt
@@ -271,8 +271,8 @@ country CF: DFS-FCC
# transmitter power control is in use: 5250-5330@23db, 5490-5710@30db
country CH: DFS-ETSI
(2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5150 - 5330 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
(5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
# 60 GHz band channels 1-4, ref: Etsi En 302 567
(57000 - 66000 @ 2160), (40)
@@ -747,8 +747,8 @@ country LC: DFS-ETSI
# transmitter power control is in use: 5250-5330@23db, 5490-5710@30db
country LI: DFS-ETSI
(2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5150 - 5330 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
(5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
# 60 GHz band channels 1-4, ref: Etsi En 302 567
(57000 - 66000 @ 2160), (40)

843
package/firmware/wireless-regdb/patches/601-wireless-regdb-Fix-ranges-of-EU-countries-as-they-ar.patch
View File

@@ -1,843 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Emil Petersky <emil.petersky@streamunlimited.com>
Date: Tue, 17 Sep 2019 09:49:19 +0200
Subject: [PATCH] wireless-regdb: Fix ranges of EU countries as they are
harmonized since 2014
This patch unites entries for EU countries, as they have been harmonized
latest by July 2014...
EU decision 2005/513/EC:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
EU decision 2006/771/EC:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
Signed-off-by: Emil Petersky <emil.petersky@streamunlimited.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
diff --git a/db.txt b/db.txt
index 2e149b6e0ea2..a57452479a9b 100644
--- a/db.txt
+++ b/db.txt
@@ -87,12 +87,20 @@ country AS: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
+# AT as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# AT: https://www.rtr.at/en/tk/Spektrum5GHz/1997_bmvit-info-052010en.pdf
+# AT: acceptance https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2014_II_63/BGBLA_2014_II_63.pdfsig
country AT: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
# Source:
@@ -139,12 +147,22 @@ country BD: DFS-JP
(2402 - 2482 @ 40), (20)
(5735 - 5835 @ 80), (30)
+# BE as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# BE: https://www.ibpt.be/public/files/en/21760/B03-01_2.1_EN.pdf
+# BE: https://www.ibpt.be/public/files/en/21761/B03-02_2.1_EN.pdf
+# BE: https://www.ibpt.be/public/files/en/21762/B03-03_2.1_EN.pdf
+# BE: https://www.ibpt.be/public/files/en/22165/B01-28_3.1_EN.pdf
country BE: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country BF: DFS-FCC
@@ -167,22 +185,29 @@ country BF: DFS-FCC
#
# Note: The transmit power limits in the 5250-5350 MHz and 5470-5725 MHz bands
# can be raised by 3 dBm if TPC is enabled. Refer to BDS EN 301 893 for details.
+#
+# BG as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# BG: https://crc.bg/files/_en/Electronic_Communications_Revised_EN1.pdf
+# BG: acceptance of 2006/771/EC https://crc.bg/files/Pravila_06_12_2018.pdf
country BG: DFS-ETSI
# Wideband data transmission systems (WDTS) in the 2.4GHz ISM band, ref:
# I.22 of the List, BDS EN 300 328
- (2402 - 2482 @ 40), (20)
+ (2400 - 2483.5 @ 40), (100 mW)
# 5 GHz Radio Local Area Networks (RLANs), ref:
# II.H01 of the List, BDS EN 301 893
- (5170 - 5250 @ 80), (23), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
# II.H01 of the List, I.54 from the List, BDS EN 301 893
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # Short range devices (SRDs) in the 5725-5875 MHz frequency range, ref:
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
# I.43 of the List, BDS EN 300 440-2, BDS EN 300 440-1
- (5725 - 5875 @ 80), (14)
- # 60 GHz Multiple-Gigabit RLAN Systems, ref:
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
# II.H03 of the List, BDS EN 302 567-2
- (57000 - 66000 @ 2160), (40), NO-OUTDOOR
+ (57000 - 66000 @ 2160), (40)
country BH: DFS-JP
(2402 - 2482 @ 40), (20)
@@ -265,16 +290,22 @@ country CF: DFS-FCC
(5490 - 5730 @ 40), (24), DFS
(5735 - 5835 @ 40), (30)
-# Source:
-# https://www.ofcomnet.ch/#/fatTable
-# Note that the maximum transmitter power can be doubled for 5250-5710MHz if
-# transmitter power control is in use: 5250-5330@23db, 5490-5710@30db
+# CH as part of CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# CH: https://www.ofcomnet.ch/api/rir/1010/05
+# CH: https://www.ofcomnet.ch/api/rir/1010/04
+# CH: https://www.ofcomnet.ch/api/rir/1008/12
+# CH: https://www.ofcomnet.ch/#/fatTable
country CH: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country CI: DFS-FCC
@@ -329,26 +360,42 @@ country CX: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
+# CY as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# CY: http://www.mcw.gov.cy/mcw/dec/dec.nsf/all/292484CFC7013DD4C2256EBA0023D447/$file/Sxedio%20Radiosyxnothtwn%20ths%20Dhmokratias-3-8-2018-E2.2(English%20Unified%20Unofficial).pdf?openelement
country CY: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
-# Data from http://www.ctu.eu/164/download/VOR/VOR-12-08-2005-34.pdf
-# and http://www.ctu.eu/164/download/VOR/VOR-12-05-2007-6-AN.pdf
-# Power at 5250 - 5350 MHz and 5470 - 5725 MHz can be doubled if TPC is
-# implemented.
+# CZ as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# CZ: https://www.ctu.cz/cs/download/vseobecna-opravneni/archiv/vo-r_12-06_2010-09.pdf
+# CZ: https://www.ctu.cz/sites/default/files/obsah/ctu/vseobecne-opravneni-c.vo-r/10/12.2017-10/obrazky/vo-r10-122017-10.pdf
country CZ: DFS-ETSI
(2400 - 2483.5 @ 40), (100 mW)
(5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
(5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
(5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# DE as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+#
# Allocation for the 2.4 GHz band (Vfg 10 / 2013, Allgemeinzuteilung von
# Frequenzen für die Nutzung in lokalen Netzwerken; Wireless Local Area
# Networks (WLAN-Funkanwendungen).
@@ -379,16 +426,22 @@ country DE: DFS-ETSI
# 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
-# Sources:
+# DK as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# DK: https://ens.dk/sites/ens.dk/files/Tele/frekvensplan_0.pdf
# 5GHz: https://erhvervsstyrelsen.dk/sites/default/files/007_interface-datanet_5-6_ghz.pdf.pdf
# 60GHz: https://erhvervsstyrelsen.dk/sites/default/files/radiograenseflader-63.pdf
country DK: DFS-ETSI
- (2400 - 2483.5 @ 40), (20)
- (5150 - 5250 @ 80), (23), AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
# 60 GHz band channels 1-4 (ETSI EN 302 567)
- (57000 - 66000 @ 2160), (40), NO-OUTDOOR
+ (57000 - 66000 @ 2160), (40)
# Source:
# http://www.ntrcdom.org/index.php?option=com_content&view=category&layout=blog&id=10&Itemid=55
@@ -417,12 +470,20 @@ country EC: DFS-FCC
(5490 - 5730 @ 20), (24), DFS
(5735 - 5835 @ 20), (30)
+# EE as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# EE: https://www.ttja.ee/et/ettevottele-organisatsioonile/sideteenused/raadioseadmed/wifi-seade
+# EE: https://www.itu.int/ITU-D/study_groups/SGP_1998-2002/JGRES09/pdf/estonia.pdf
country EE: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country EG: DFS-ETSI
@@ -430,17 +491,19 @@ country EG: DFS-ETSI
(5170 - 5250 @ 40), (20)
(5250 - 5330 @ 40), (20), DFS
-# Source:
-# Cuadro nacional de atribución de frecuencias (CNAF)
-# https://avancedigital.gob.es/espectro/Paginas/cnaf.aspx
+# ES as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# ES: https://avancedigital.gob.es/espectro/Paginas/cnaf.aspx
country ES: DFS-ETSI
(2400 - 2483.5 @ 40), (100 mW)
(5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
(5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
(5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
- # Short Range Devices (SRD) (ETSI EN 300 440)
+ # short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country ET: DFS-ETSI
@@ -449,14 +512,18 @@ country ET: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW
(5490 - 5710 @ 160), (27), DFS
+# FI as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
country FI: DFS-ETSI
- (2400 - 2483.5 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
# short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country FM: DFS-FCC
@@ -466,22 +533,34 @@ country FM: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
+# FR as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
country FR: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
- # short range devices (ETSI EN 300 440)
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# GB as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# GB: https://www.ofcom.org.uk/__data/assets/pdf_file/0019/136009/Ofcom-Information-Sheet-5-GHz-RLANs.pdf
+# GB: https://www.ofcom.org.uk/__data/assets/pdf_file/0028/84970/ir-2030.pdf
country GB: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country GD: DFS-FCC
@@ -523,12 +602,20 @@ country GP: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
(5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
+# GR as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# GR: https://www.eett.gr/opencms/export/sites/default/EETT_EN/Electronic_Communications/Radio_Communications/TelecommunicationEquipment/Radio_equipment_interface_requirement_2012.pdf
+# GR: https://www.eett.gr/opencms/export/sites/default/EETT_EN/Electronic_Communications/Radio_Communications/TelecommunicationEquipment/Radio_equipment_interface_requirement_107.pdf
country GR: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country GT: DFS-FCC
@@ -563,11 +650,18 @@ country HN: DFS-FCC
(5735 - 5835 @ 80), (30)
country HR: DFS-ETSI
- (2400 - 2483.5 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+# HR as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# HR: http://tablice.hakom.hr:8080/vis?lang=en
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country HT: DFS-FCC
@@ -577,37 +671,42 @@ country HT: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
-# http://stir.nmhh.hu/?oldal=dokumentumGeneralo&root_rendeletelem_id=3&hatalyos=1
-# http://english.nmhh.hu/cikk/297/Eljarasi_tajekoztato_a_24_GHzes_es_az_5_GHzes_savban_mukodo_berendezesek_engedelyezeserol
-# http://nmhh.hu/dokumentum/319/kis_hatotavolsagu_eszkozok_srdk.pdf
+# HU as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# HU: http://stir.nmhh.hu/?oldal=dokumentumGeneralo&root_rendeletelem_id=3&hatalyos=1
+# HU: http://english.nmhh.hu/cikk/297/Eljarasi_tajekoztato_a_24_GHzes_es_az_5_GHzes_savban_mukodo_berendezesek_engedelyezeserol
+# HU: http://nmhh.hu/dokumentum/319/kis_hatotavolsagu_eszkozok_srdk.pdf
country HU: DFS-ETSI
- # ref: 2006/771/EK, (EU) 2017/1483, MSZ EN 300 328
- # additionally: 100mW @ 10MHz channels, 50mW @ 5MHz (max. 10mW/MHz)
- (2400 - 2483.5 @ 40), (20)
- # ref: 2005/513/EK
- # note: TPC not needed @ 5150-5250
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- # note: max would be +3dB with TPC @ 5250-5725
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
- # "Short Range Devices (SRD)"
- # ref: 2006/771/EK, (EU) 2017/1483, MSZ EN 300 440, MSZ EN 302 064
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, "Fixed outdoor installation not allowed"
- # ref: 2006/771/EK, (EU) 2017/1483, MSZ EN 302 567
- (57000 - 66000 @ 2160), (40), NO-OUTDOOR
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
+ (57000 - 66000 @ 2160), (40)
country ID: DFS-JP
# ref: http://www.postel.go.id/content/ID/regulasi/standardisasi/kepdir/bwa%205,8%20ghz.pdf
(2402 - 2482 @ 20), (20)
(5735 - 5815 @ 20), (23)
+# IE as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# IE: https://www.comreg.ie/publication-download/interface-requirements-for-radio-services-in-ireland
+# IE: https://www.comreg.ie/publication-download/permitted-short-range-devices-ireland
country IE: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country IL: DFS-ETSI
@@ -626,20 +725,33 @@ country IR: DFS-JP
(2402 - 2482 @ 40), (20)
(5735 - 5835 @ 80), (30)
+# IS as part of CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# IS: https://www.pfs.is/library/Skrar/Tidnir-og-taekni/MHZ_21022019.pdf
country IS: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# IT as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
country IT: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country JM: DFS-FCC
@@ -741,16 +853,22 @@ country LC: DFS-ETSI
(5490 - 5710 @ 160), (30), DFS
(5735 - 5815 @ 80), (30)
-# Source:
-# https://www.ofcomnet.ch/#/fatTable
-# Note that the maximum transmitter power can be doubled for 5250-5710MHz if
-# transmitter power control is in use: 5250-5330@23db, 5490-5710@30db
+# LI as part of CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# LI: https://www.ofcomnet.ch/api/rir/1010/05
+# LI: https://www.ofcomnet.ch/api/rir/1010/04
+# LI: https://www.ofcomnet.ch/api/rir/1008/12
+# LI: https://www.ofcomnet.ch/#/fatTable
country LI: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country LK: DFS-FCC
@@ -768,28 +886,50 @@ country LS: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW
(5490 - 5710 @ 160), (27), DFS
+# LT as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# LT: https://www.rrt.lt/en/radio-spectrum/frequency-management/ or direct link:
+# LT: https://www.e-tar.lt/portal/lt/legalAct/6e718fd037a011e69101aaab2992cbcd/dGRioCBBHb
country LT: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# LU as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# LU: https://assets.ilr.lu/frequences/Documents/ILRLU-1723895916-183.pdf#search=en%20300%20440
country LU: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# LV as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# LV: http://likumi.lv/doc.php?id=198903
country LV: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country MA: DFS-ETSI
@@ -875,12 +1015,19 @@ country MR: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW
(5490 - 5710 @ 160), (27), DFS
+# MT as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# MT: https://www.mca.org.mt/sites/default/files/NFP_edition%206-1.pdf
country MT: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country MU: DFS-FCC
@@ -930,34 +1077,36 @@ country NI: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
-# Regulation on the use of frequency space without a license and
-# without notification 2015
-#
-# http://wetten.overheid.nl/BWBR0036378/2015-03-05
-
+# NL as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# NL: http://wetten.overheid.nl/BWBR0036378/2015-03-05
country NL: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
# short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
-# Data from http://www.lovdata.no/dokument/SF/forskrift/2012-01-19-77
-# Power at 5250 - 5350 MHz, 5470 - 5725 MHz and 5815 5850 MHz can
-# be doubled if TPC is implemented.
-# Up to 2W (or 4W with TPC) is allowed in the 5725 5795 MHz band
-# which has been merged with 5470 - 5725 MHz to allow wide channels
+# NO as part of CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# NO: https://eng.nkom.no/technical/temporary-licenses/mobile-videolink/wireless-cameras-mobile-video-links/_attachment/9947
+# NO: http://www.lovdata.no/dokument/SF/forskrift/2012-01-19-77
+# In addition to EU NO can use 57255795 MHz and 58155850 bands with limit of 4 W EIRP (with DFS and TPC)
country NO: DFS-ETSI
(2400 - 2483.5 @ 40), (100 mW)
- (5150 - 5250 @ 80), (200 mW), AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (100 mW), DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5795 @ 160), (500 mW), DFS, wmmrule=ETSI
- (5815 - 5850 @ 35), (2000 mW), DFS
- (17100 - 17300 @ 200), (100 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country NP: DFS-JP
@@ -1020,12 +1169,18 @@ country PK: DFS-JP
(2402 - 2482 @ 40), (20)
(5735 - 5835 @ 80), (30)
+# PL as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
country PL: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country PM: DFS-ETSI
@@ -1041,14 +1196,19 @@ country PR: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
+# PT as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# PT: https://www.anacom.pt/render.jsp?categoryId=336334
country PT: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
# short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country PW: DFS-FCC
@@ -1079,15 +1239,21 @@ country RE: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
(5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
+# RO as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# RO: http://www.ancom.org.ro/en/uploads/links_files/ordin_262_2006.pdf
country RO: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
-
# Source:
# http://www.ratel.rs/upload/documents/Plan_namene/Plan_namene-sl_glasnik.pdf
country RS: DFS-ETSI
@@ -1119,18 +1285,20 @@ country SA: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW
(5490 - 5710 @ 160), (27), DFS
-# Source:
-# https://pts.se/globalassets/startpage/dokument/legala-dokument/foreskrifter/radio/beslutade_ptsfs-2018-3-undantagsforeskrifter.pdf
+# SE as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# SE: https://pts.se/globalassets/startpage/dokument/legala-dokument/foreskrifter/radio/beslutade_ptsfs-2018-3-undantagsforeskrifter.pdf
country SE: DFS-ETSI
- (2400 - 2483.5 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- # note: max would be +3dB with TPC @ 5250-5725
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
- # short range devices (ETSI EN 300 440)
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
- (57000 - 66000 @ 2160), (40), NO-OUTDOOR
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
+ (57000 - 66000 @ 2160), (40)
# Source
# https://www.imda.gov.sg/~/media/imda/files/regulation%20licensing%20and%20consultations/ict%20standards/telecommunication%20standards/radio-comms/imdatssrd.pdf?la=en
@@ -1144,20 +1312,36 @@ country SG: DFS-FCC
# (5470 - 5725 @ 160), (30), DFS
(5725 - 5850 @ 80), (30)
+# SI as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# SI: https://www.akos-rs.si/bwa
country SI: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# SK as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# SK: https://www.teleoff.gov.sk/data/files/25911.pdf
+# SK: https://www.teleoff.gov.sk/data/files/41072.pdf
+# SK: https://www.teleoff.gov.sk/data/files/49125_vpr-01_2018-rusi-vpr-10_2014a21_2012-nespecifik-srd_021018.pdf
country SK: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
# Source:

44
package/firmware/wireless-regdb/patches/602-wireless-regdb-Update-regulatory-rules-for-Russia-RU.patch
View File

@@ -1,44 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dmitry Tunin <hanipouspilot@gmail.com>
Date: Sat, 24 Aug 2019 11:48:10 +0300
Subject: [PATCH] wireless-regdb: Update regulatory rules for Russia (RU)
Russian entry is incorrect. According to the last regulations
document of Feb 29, 2016, 160 MHz channels and 802.11ad are allowed.
http://rfs-rf.ru/upload/medialibrary/c1a/prilozhenie-1-k-resheniyu-gkrch-_-16_36_03.pdf
Note that there was never a DFS requirement in Russia, but always was
NO-OUTDOOR on 5GHz.
Maximum power is 200mW that is ~23dBm on all 5GHz channels.
Also Russia has never been regulated by ETSI.
EIRP has been reduced by 4dBm because of TPC requirement.
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
diff --git a/db.txt b/db.txt
index f6b2f921416c..9c4b447536e4 100644
--- a/db.txt
+++ b/db.txt
@@ -1349,14 +1349,12 @@ country RS: DFS-ETSI
# 60 GHz band channels 1-4, ref: Etsi En 302 567
(57000 - 66000 @ 2160), (40)
-country RU: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW
- (5650 - 5730 @ 80), (30), DFS
- (5735 - 5835 @ 80), (30)
+country RU:
+ (2400 - 2483.5 @ 40), (20)
+ (5150 - 5350 @ 160), (20), NO-OUTDOOR
+ (5650 - 5850 @ 160), (20), NO-OUTDOOR
# 60 GHz band channels 1-4, ref: Changes to NLA 124_Order №129_22042015.pdf
- (57000 - 66000 @ 2160), (40)
+ (57000 - 66000 @ 2160), (40), NO-OUTDOOR
country RW: DFS-FCC
(2402 - 2482 @ 40), (20)

8
package/kernel/mac80211/Makefile
View File

@@ -10,10 +10,10 @@ include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=mac80211
PKG_VERSION:=4.19.137-1
PKG_RELEASE:=2
PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v4.19.137/
PKG_HASH:=dc5eea4f77fc5c43b69e38f46fbf766880fa4bdeef83dcc8dcc85aa6b645bb7c
PKG_VERSION:=4.19.161-1
PKG_RELEASE:=1
PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v4.19.161/
PKG_HASH:=01a4173ba180eb8ca67c898239d5accb49a3ea9aea51510e17d5c937d6e93f9a
PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)

4
package/kernel/mac80211/patches/ath/404-regd_no_assoc_hints.patch
View File

@@ -1,6 +1,6 @@
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -3034,6 +3034,8 @@ void regulatory_hint_country_ie(struct w
@@ -3037,6 +3037,8 @@ void regulatory_hint_country_ie(struct w
enum environment_cap env = ENVIRON_ANY;
struct regulatory_request *request = NULL, *lr;
@@ -9,7 +9,7 @@
/* IE len must be evenly divisible by 2 */
if (country_ie_len & 0x01)
return;
@@ -3259,6 +3261,7 @@ static bool is_wiphy_all_set_reg_flag(en
@@ -3262,6 +3264,7 @@ static bool is_wiphy_all_set_reg_flag(en
void regulatory_hint_disconnect(void)
{

2
package/kernel/mac80211/patches/ath/972-ath10k_fix-crash-due-to-wrong-handling-of-peer_bw_rxnss_override-parameter.patch
View File

@@ -105,7 +105,7 @@ v9: use SM/MS macros from code.h to simplify shift/mask handling
}
--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -7378,12 +7378,7 @@ ath10k_wmi_peer_assoc_fill_10_4(struct a
@@ -7391,12 +7391,7 @@ ath10k_wmi_peer_assoc_fill_10_4(struct a
struct wmi_10_4_peer_assoc_complete_cmd *cmd = buf;
ath10k_wmi_peer_assoc_fill_10_2(ar, buf, arg);

12
package/kernel/mac80211/patches/ath/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch
View File

@@ -475,7 +475,7 @@ v13:
static const struct wmi_peer_flags_map wmi_tlv_peer_flags_map = {
--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -7198,6 +7198,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
@@ -7211,6 +7211,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
return skb;
}
@@ -525,7 +525,7 @@ v13:
static struct sk_buff *
ath10k_wmi_op_gen_set_psmode(struct ath10k *ar, u32 vdev_id,
enum wmi_sta_ps_mode psmode)
@@ -8809,6 +8852,9 @@ static const struct wmi_ops wmi_ops = {
@@ -8822,6 +8865,9 @@ static const struct wmi_ops wmi_ops = {
.fw_stats_fill = ath10k_wmi_main_op_fw_stats_fill,
.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
.gen_echo = ath10k_wmi_op_gen_echo,
@@ -535,7 +535,7 @@ v13:
/* .gen_bcn_tmpl not implemented */
/* .gen_prb_tmpl not implemented */
/* .gen_p2p_go_bcn_ie not implemented */
@@ -8879,6 +8925,8 @@ static const struct wmi_ops wmi_10_1_ops
@@ -8892,6 +8938,8 @@ static const struct wmi_ops wmi_10_1_ops
.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
.gen_echo = ath10k_wmi_op_gen_echo,
@@ -544,7 +544,7 @@ v13:
/* .gen_bcn_tmpl not implemented */
/* .gen_prb_tmpl not implemented */
/* .gen_p2p_go_bcn_ie not implemented */
@@ -8950,6 +8998,8 @@ static const struct wmi_ops wmi_10_2_ops
@@ -8963,6 +9011,8 @@ static const struct wmi_ops wmi_10_2_ops
.gen_delba_send = ath10k_wmi_op_gen_delba_send,
.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
@@ -553,7 +553,7 @@ v13:
/* .gen_pdev_enable_adaptive_cca not implemented */
};
@@ -9020,6 +9070,8 @@ static const struct wmi_ops wmi_10_2_4_o
@@ -9033,6 +9083,8 @@ static const struct wmi_ops wmi_10_2_4_o
.gen_pdev_enable_adaptive_cca =
ath10k_wmi_op_gen_pdev_enable_adaptive_cca,
.get_vdev_subtype = ath10k_wmi_10_2_4_op_get_vdev_subtype,
@@ -562,7 +562,7 @@ v13:
/* .gen_bcn_tmpl not implemented */
/* .gen_prb_tmpl not implemented */
/* .gen_p2p_go_bcn_ie not implemented */
@@ -9099,6 +9151,8 @@ static const struct wmi_ops wmi_10_4_ops
@@ -9112,6 +9164,8 @@ static const struct wmi_ops wmi_10_4_ops
.gen_pdev_bss_chan_info_req = ath10k_wmi_10_2_op_gen_pdev_bss_chan_info,
.gen_echo = ath10k_wmi_op_gen_echo,
.gen_pdev_get_tpc_config = ath10k_wmi_10_2_4_op_gen_pdev_get_tpc_config,

2
package/kernel/mac80211/patches/brcm/320-v5.0-0004-brcmfmac-Set-board_type-used-for-nvram-file-selectio.patch
View File

@@ -67,7 +67,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
fwreq->bus_nr = devinfo->pdev->bus->number;
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
@@ -4215,6 +4215,7 @@ brcmf_sdio_prepare_fw_request(struct brc
@@ -4219,6 +4219,7 @@ brcmf_sdio_prepare_fw_request(struct brc
fwreq->items[BRCMF_SDIO_FW_CODE].type = BRCMF_FW_TYPE_BINARY;
fwreq->items[BRCMF_SDIO_FW_NVRAM].type = BRCMF_FW_TYPE_NVRAM;

10
package/kernel/mac80211/patches/brcm/328-v5.0-0001-brcmfmac-add-credit-numbers-updating-support.patch
View File

@@ -27,7 +27,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
int credits_borrowed[BRCMF_FWS_FIFO_AC_VO + 1];
int deq_node_pos[BRCMF_FWS_FIFO_COUNT];
u32 fifo_credit_map;
@@ -1241,6 +1242,9 @@ static void brcmf_fws_return_credits(str
@@ -1245,6 +1246,9 @@ static void brcmf_fws_return_credits(str
}
fws->fifo_credit[fifo] += credits;
@@ -37,7 +37,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
}
static void brcmf_fws_schedule_deq(struct brcmf_fws_info *fws)
@@ -1599,19 +1603,21 @@ static int brcmf_fws_notify_credit_map(s
@@ -1603,19 +1607,21 @@ static int brcmf_fws_notify_credit_map(s
brcmf_err("event payload too small (%d)\n", e->datalen);
return -EINVAL;
}
@@ -63,7 +63,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
}
brcmf_fws_schedule_deq(fws);
brcmf_fws_unlock(fws);
@@ -2017,7 +2023,7 @@ static int brcmf_fws_borrow_credit(struc
@@ -2021,7 +2027,7 @@ static int brcmf_fws_borrow_credit(struc
}
for (lender_ac = 0; lender_ac <= BRCMF_FWS_FIFO_AC_VO; lender_ac++) {
@@ -72,7 +72,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
fws->credits_borrowed[lender_ac]++;
fws->fifo_credit[lender_ac]--;
if (fws->fifo_credit[lender_ac] == 0)
@@ -2216,8 +2222,9 @@ static void brcmf_fws_dequeue_worker(str
@@ -2220,8 +2226,9 @@ static void brcmf_fws_dequeue_worker(str
}
continue;
}
@@ -84,7 +84,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
skb = brcmf_fws_deq(fws, fifo);
if (!skb)
break;
@@ -2228,7 +2235,7 @@ static void brcmf_fws_dequeue_worker(str
@@ -2232,7 +2239,7 @@ static void brcmf_fws_dequeue_worker(str
break;
}
if ((fifo == BRCMF_FWS_FIFO_AC_BE) &&

16
package/kernel/mac80211/patches/brcm/328-v5.0-0003-brcmfmac-handle-compressed-tx-status-signal.patch
View File

@@ -18,7 +18,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -1459,9 +1459,10 @@ static int brcmf_fws_txstatus_suppressed
@@ -1463,9 +1463,10 @@ static int brcmf_fws_txstatus_suppressed
static int
brcmf_fws_txs_process(struct brcmf_fws_info *fws, u8 flags, u32 hslot,
@@ -30,7 +30,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
int ret;
bool remove_from_hanger = true;
struct sk_buff *skb;
@@ -1472,60 +1473,71 @@ brcmf_fws_txs_process(struct brcmf_fws_i
@@ -1476,60 +1477,71 @@ brcmf_fws_txs_process(struct brcmf_fws_i
brcmf_dbg(DATA, "flags %d\n", flags);
if (flags == BRCMF_FWS_TXSTATUS_DISCARD)
@@ -144,7 +144,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
return 0;
}
@@ -1551,7 +1563,8 @@ static int brcmf_fws_fifocreditback_indi
@@ -1555,7 +1567,8 @@ static int brcmf_fws_fifocreditback_indi
return BRCMF_FWS_RET_OK_SCHEDULE;
}
@@ -154,7 +154,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
{
__le32 status_le;
__le16 seq_le;
@@ -1560,23 +1573,31 @@ static int brcmf_fws_txstatus_indicate(s
@@ -1564,23 +1577,31 @@ static int brcmf_fws_txstatus_indicate(s
u32 genbit;
u8 flags;
u16 seq;
@@ -189,7 +189,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
brcmf_fws_unlock(fws);
return BRCMF_FWS_RET_OK_NOSCHEDULE;
}
@@ -1892,8 +1913,6 @@ void brcmf_fws_hdrpull(struct brcmf_if *
@@ -1896,8 +1917,6 @@ void brcmf_fws_hdrpull(struct brcmf_if *
err = BRCMF_FWS_RET_OK_NOSCHEDULE;
switch (type) {
@@ -198,7 +198,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
case BRCMF_FWS_TYPE_HOST_REORDER_RXPKTS:
rd = (struct brcmf_skb_reorder_data *)skb->cb;
rd->reorder = data;
@@ -1916,7 +1935,8 @@ void brcmf_fws_hdrpull(struct brcmf_if *
@@ -1920,7 +1939,8 @@ void brcmf_fws_hdrpull(struct brcmf_if *
err = brcmf_fws_request_indicate(fws, type, data);
break;
case BRCMF_FWS_TYPE_TXSTATUS:
@@ -208,7 +208,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
break;
case BRCMF_FWS_TYPE_FIFO_CREDITBACK:
err = brcmf_fws_fifocreditback_indicate(fws, data);
@@ -2005,7 +2025,7 @@ static void brcmf_fws_rollback_toq(struc
@@ -2009,7 +2029,7 @@ static void brcmf_fws_rollback_toq(struc
fws->stats.rollback_failed++;
hslot = brcmf_skb_htod_tag_get_field(skb, HSLOT);
brcmf_fws_txs_process(fws, BRCMF_FWS_TXSTATUS_HOST_TOSSED,
@@ -217,7 +217,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
} else {
fws->stats.rollback_success++;
brcmf_fws_return_credits(fws, fifo, 1);
@@ -2476,7 +2496,8 @@ void brcmf_fws_bustxfail(struct brcmf_fw
@@ -2480,7 +2500,8 @@ void brcmf_fws_bustxfail(struct brcmf_fw
}
brcmf_fws_lock(fws);
hslot = brcmf_skb_htod_tag_get_field(skb, HSLOT);

4
package/kernel/mac80211/patches/brcm/329-v5.0-0004-brcmfmac-add-support-for-CYW43012-SDIO-chipset.patch
View File

@@ -209,7 +209,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
if (err) {
brcmf_err("error writing SBSDIO_FUNC1_CHIPCLKCSR\n");
return;
@@ -4067,7 +4114,7 @@ static void brcmf_sdio_firmware_callback
@@ -4071,7 +4118,7 @@ static void brcmf_sdio_firmware_callback
const struct firmware *code;
void *nvram;
u32 nvram_len;
@@ -218,7 +218,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
u8 devctl;
brcmf_dbg(TRACE, "Enter: dev=%s, err=%d\n", dev_name(dev), err);
@@ -4101,8 +4148,11 @@ static void brcmf_sdio_firmware_callback
@@ -4105,8 +4152,11 @@ static void brcmf_sdio_firmware_callback
/* Force clocks on backplane to be sure F2 interrupt propagates */
saveclk = brcmf_sdiod_readb(sdiod, SBSDIO_FUNC1_CHIPCLKCSR, &err);
if (!err) {

2
package/kernel/mac80211/patches/brcm/329-v5.0-0006-brcmfmac-update-43012-F2-watermark-setting-to-fix-DM.patch
View File

@@ -29,7 +29,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
#ifdef DEBUG
@@ -4189,6 +4190,17 @@ static void brcmf_sdio_firmware_callback
@@ -4193,6 +4194,17 @@ static void brcmf_sdio_firmware_callback
CY_4373_F2_WATERMARK |
SBSDIO_MESBUSYCTRL_ENAB, &err);
break;

6
package/kernel/mac80211/patches/brcm/349-v5.1-0005-brcmfmac-check-and-dump-trap-info-during-sdio-probe.patch
View File

@@ -81,7 +81,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
return 0;
}
@@ -4213,7 +4229,7 @@ static void brcmf_sdio_firmware_callback
@@ -4217,7 +4233,7 @@ static void brcmf_sdio_firmware_callback
} else {
/* Disable F2 again */
sdio_disable_func(sdiod->func2);
@@ -90,7 +90,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
}
if (brcmf_chip_sr_capable(bus->ci)) {
@@ -4234,8 +4250,10 @@ static void brcmf_sdio_firmware_callback
@@ -4238,8 +4254,10 @@ static void brcmf_sdio_firmware_callback
}
/* If we didn't come up, turn off backplane clock */
@@ -102,7 +102,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
sdio_release_host(sdiod->func1);
@@ -4249,12 +4267,15 @@ static void brcmf_sdio_firmware_callback
@@ -4253,12 +4271,15 @@ static void brcmf_sdio_firmware_callback
err = brcmf_attach(sdiod->dev, sdiod->settings);
if (err != 0) {
brcmf_err("brcmf_attach failed\n");

30
package/kernel/mac80211/patches/brcm/354-v5.1-brcmfmac-use-bphy_err-in-all-wiphy-related-code.patch
View File

@@ -690,7 +690,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
ifp->bsscfgidx, name, len);
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -1259,6 +1259,7 @@ static int brcmf_fws_enq(struct brcmf_fw
@@ -1263,6 +1263,7 @@ static int brcmf_fws_enq(struct brcmf_fw
enum brcmf_fws_skb_state state, int fifo,
struct sk_buff *p)
{
@@ -698,7 +698,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
int prec = 2 * fifo;
u32 *qfull_stat = &fws->stats.delayq_full_error;
struct brcmf_fws_mac_descriptor *entry;
@@ -1271,7 +1272,7 @@ static int brcmf_fws_enq(struct brcmf_fw
@@ -1275,7 +1276,7 @@ static int brcmf_fws_enq(struct brcmf_fw
entry = brcmf_skbcb(p)->mac;
if (entry == NULL) {
@@ -707,7 +707,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
return -ENOENT;
}
@@ -1461,6 +1462,7 @@ static int
@@ -1465,6 +1466,7 @@ static int
brcmf_fws_txs_process(struct brcmf_fws_info *fws, u8 flags, u32 hslot,
u32 genbit, u16 seq, u8 compcnt)
{
@@ -715,7 +715,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
u32 fifo;
u8 cnt = 0;
int ret;
@@ -1485,14 +1487,14 @@ brcmf_fws_txs_process(struct brcmf_fws_i
@@ -1489,14 +1491,14 @@ brcmf_fws_txs_process(struct brcmf_fws_i
else if (flags == BRCMF_FWS_TXSTATUS_HOST_TOSSED)
fws->stats.txs_host_tossed += compcnt;
else
@@ -733,7 +733,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
goto cont;
}
@@ -1616,12 +1618,13 @@ static int brcmf_fws_notify_credit_map(s
@@ -1620,12 +1622,13 @@ static int brcmf_fws_notify_credit_map(s
const struct brcmf_event_msg *e,
void *data)
{
@@ -749,7 +749,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
return -EINVAL;
}
@@ -1685,6 +1688,7 @@ static void brcmf_rxreorder_get_skb_list
@@ -1689,6 +1692,7 @@ static void brcmf_rxreorder_get_skb_list
void brcmf_fws_rxreorder(struct brcmf_if *ifp, struct sk_buff *pkt)
{
@@ -757,7 +757,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
u8 *reorder_data;
u8 flow_id, max_idx, cur_idx, exp_idx, end_idx;
struct brcmf_ampdu_rx_reorder *rfi;
@@ -1699,7 +1703,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
@@ -1703,7 +1707,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
/* validate flags and flow id */
if (flags == 0xFF) {
@@ -766,7 +766,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
brcmf_netif_rx(ifp, pkt);
return;
}
@@ -1736,7 +1740,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
@@ -1740,7 +1744,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
flow_id, max_idx);
rfi = kzalloc(buf_size, GFP_ATOMIC);
if (rfi == NULL) {
@@ -775,7 +775,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
brcmf_netif_rx(ifp, pkt);
return;
}
@@ -2000,6 +2004,7 @@ static u8 brcmf_fws_precommit_skb(struct
@@ -2004,6 +2008,7 @@ static u8 brcmf_fws_precommit_skb(struct
static void brcmf_fws_rollback_toq(struct brcmf_fws_info *fws,
struct sk_buff *skb, int fifo)
{
@@ -783,7 +783,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
struct brcmf_fws_mac_descriptor *entry;
struct sk_buff *pktout;
int qidx, hslot;
@@ -2013,11 +2018,11 @@ static void brcmf_fws_rollback_toq(struc
@@ -2017,11 +2022,11 @@ static void brcmf_fws_rollback_toq(struc
pktout = brcmu_pktq_penq_head(&entry->psq, qidx, skb);
if (pktout == NULL) {
@@ -797,7 +797,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
rc = -ENOENT;
}
@@ -2122,7 +2127,8 @@ static int brcmf_fws_assign_htod(struct
@@ -2126,7 +2131,8 @@ static int brcmf_fws_assign_htod(struct
int brcmf_fws_process_skb(struct brcmf_if *ifp, struct sk_buff *skb)
{
@@ -807,7 +807,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
struct brcmf_skbuff_cb *skcb = brcmf_skbcb(skb);
struct ethhdr *eh = (struct ethhdr *)(skb->data);
int fifo = BRCMF_FWS_FIFO_BCMC;
@@ -2150,7 +2156,7 @@ int brcmf_fws_process_skb(struct brcmf_i
@@ -2154,7 +2160,7 @@ int brcmf_fws_process_skb(struct brcmf_i
brcmf_fws_enq(fws, BRCMF_FWS_SKBSTATE_DELAYED, fifo, skb);
brcmf_fws_schedule_deq(fws);
} else {
@@ -816,7 +816,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
brcmf_txfinalize(ifp, skb, false);
rc = -ENOMEM;
}
@@ -2371,7 +2377,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
@@ -2375,7 +2381,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
fws->fws_wq = create_singlethread_workqueue("brcmf_fws_wq");
if (fws->fws_wq == NULL) {
@@ -825,7 +825,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
rc = -EBADF;
goto fail;
}
@@ -2387,13 +2393,13 @@ struct brcmf_fws_info *brcmf_fws_attach(
@@ -2391,13 +2397,13 @@ struct brcmf_fws_info *brcmf_fws_attach(
rc = brcmf_fweh_register(drvr, BRCMF_E_FIFO_CREDIT_MAP,
brcmf_fws_notify_credit_map);
if (rc < 0) {
@@ -841,7 +841,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
brcmf_fweh_unregister(drvr, BRCMF_E_FIFO_CREDIT_MAP);
goto fail;
}
@@ -2405,7 +2411,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
@@ -2409,7 +2415,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
fws->fw_signals = true;
ifp = brcmf_get_ifp(drvr, 0);
if (brcmf_fil_iovar_int_set(ifp, "tlv", tlv)) {

2
package/kernel/mac80211/patches/brcm/384-v5.4-0001-Revert-brcmfmac-fix-NULL-pointer-derefence-during-US.patch
View File

@@ -85,7 +85,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
wiphy_free(drvr->wiphy);
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -2432,25 +2432,17 @@ struct brcmf_fws_info *brcmf_fws_attach(
@@ -2436,25 +2436,17 @@ struct brcmf_fws_info *brcmf_fws_attach(
return fws;
fail:

2
package/kernel/mac80211/patches/brcm/392-v5.4-0002-brcmfmac-split-brcmf_attach-and-brcmf_detach-functio.patch
View File

@@ -153,7 +153,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
kfree(bus->msgbuf->flowrings);
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
@@ -4254,17 +4254,26 @@ static void brcmf_sdio_firmware_callback
@@ -4258,17 +4258,26 @@ static void brcmf_sdio_firmware_callback
sdiod->bus_if->chip = bus->ci->chip;
sdiod->bus_if->chiprev = bus->ci->chiprev;

2
package/kernel/mac80211/patches/brcm/414-v5.6-0002-brcmfmac-set-F2-blocksize-and-watermark-for-4359.patch
View File

@@ -57,7 +57,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
#ifdef DEBUG
@@ -4212,6 +4214,19 @@ static void brcmf_sdio_firmware_callback
@@ -4216,6 +4218,19 @@ static void brcmf_sdio_firmware_callback
brcmf_sdiod_writeb(sdiod, SBSDIO_DEVICE_CTL, devctl,
&err);
break;

2
package/kernel/mac80211/patches/brcm/417-v5.6-brcmfmac-use-true-false-for-bool-variable.patch
View File

@@ -16,7 +16,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -908,7 +908,7 @@ static u8 brcmf_fws_hdrpush(struct brcmf
@@ -912,7 +912,7 @@ static u8 brcmf_fws_hdrpush(struct brcmf
wlh += wlh[1] + 2;
if (entry->send_tim_signal) {

4
package/kernel/mac80211/patches/brcm/418-v5.6-brcmfmac-sdio-Fix-OOB-interrupt-initialization-on-br.patch
View File

@@ -29,7 +29,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
@@ -4249,6 +4249,12 @@ static void brcmf_sdio_firmware_callback
@@ -4253,6 +4253,12 @@ static void brcmf_sdio_firmware_callback
}
if (err == 0) {
@@ -42,7 +42,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
/* Allow full data communication using DPC from now on. */
brcmf_sdiod_change_state(bus->sdiodev, BRCMF_SDIOD_DATA);
@@ -4265,12 +4271,6 @@ static void brcmf_sdio_firmware_callback
@@ -4269,12 +4275,6 @@ static void brcmf_sdio_firmware_callback
sdio_release_host(sdiod->func1);

33
package/kernel/mac80211/patches/subsys/090-wireless-Use-linux-stddef.h-instead-of-stddef.h.patch
View File

@@ -1,33 +0,0 @@
From 1b9ae0c92925ac40489be526d67d0010d0724ce0 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Thu, 21 May 2020 22:14:22 +0200
Subject: [PATCH] wireless: Use linux/stddef.h instead of stddef.h
When compiling inside the kernel include linux/stddef.h instead of
stddef.h. When I compile this header file in backports for power PC I
run into a conflict with ptrdiff_t. I was unable to reproduce this in
mainline kernel. I still would like to fix this problem in the kernel.
Fixes: 6989310f5d43 ("wireless: Use offsetof instead of custom macro.")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://lore.kernel.org/r/20200521201422.16493-1-hauke@hauke-m.de
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
include/uapi/linux/wireless.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/include/uapi/linux/wireless.h
+++ b/include/uapi/linux/wireless.h
@@ -74,7 +74,11 @@
#include <linux/socket.h> /* for "struct sockaddr" et al */
#include <linux/if.h> /* for IFNAMSIZ and co... */
-#include <stddef.h> /* for offsetof */
+#ifdef __KERNEL__
+# include <linux/stddef.h> /* for offsetof */
+#else
+# include <stddef.h> /* for offsetof */
+#endif
/***************************** VERSION *****************************/
/*

2
package/kernel/mac80211/patches/subsys/110-mac80211_keep_keys_on_stop_ap.patch
View File

@@ -2,7 +2,7 @@ Used for AP+STA support in OpenWrt - preserve AP mode keys across STA reconnects
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1067,7 +1067,6 @@ static int ieee80211_stop_ap(struct wiph
@@ -1068,7 +1068,6 @@ static int ieee80211_stop_ap(struct wiph
sdata->u.ap.driver_smps_mode = IEEE80211_SMPS_OFF;
__sta_info_flush(sdata, true);

2
package/kernel/mac80211/patches/subsys/140-tweak-TSQ-setting.patch
View File

@@ -1,6 +1,6 @@
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3822,6 +3822,12 @@ out:
@@ -3833,6 +3833,12 @@ out:
netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
struct net_device *dev)
{

2
package/kernel/mac80211/patches/subsys/210-ap_scan.patch
View File

@@ -1,6 +1,6 @@
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2189,7 +2189,7 @@ static int ieee80211_scan(struct wiphy *
@@ -2190,7 +2190,7 @@ static int ieee80211_scan(struct wiphy *
* the frames sent while scanning on other channel will be
* lost)
*/

4
package/kernel/mac80211/patches/subsys/300-mac80211-add-stop-start-logic-for-software-TXQs.patch
View File

@@ -100,7 +100,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(unsigned long) local);
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3487,13 +3487,19 @@ struct sk_buff *ieee80211_tx_dequeue(str
@@ -3498,13 +3498,19 @@ struct sk_buff *ieee80211_tx_dequeue(str
struct ieee80211_tx_info *info;
struct ieee80211_tx_data tx;
ieee80211_tx_result r;
@@ -122,7 +122,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
/* Make sure fragments stay together. */
skb = __skb_dequeue(&txqi->frags);
if (skb)
@@ -3606,6 +3612,7 @@ begin:
@@ -3617,6 +3623,7 @@ begin:
}
IEEE80211_SKB_CB(skb)->control.vif = vif;

12
package/kernel/mac80211/patches/subsys/304-mac80211-minstrel-remove-unnecessary-debugfs-cleanup.patch
View File

@@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -689,8 +689,8 @@ minstrel_alloc(struct ieee80211_hw *hw,
@@ -672,8 +672,8 @@ minstrel_alloc(struct ieee80211_hw *hw,
#ifdef CPTCFG_MAC80211_DEBUGFS
mp->fixed_rate_idx = (u32) -1;
@@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
#endif
minstrel_init_cck_rates(mp);
@@ -701,9 +701,6 @@ minstrel_alloc(struct ieee80211_hw *hw,
@@ -684,9 +684,6 @@ minstrel_alloc(struct ieee80211_hw *hw,
static void
minstrel_free(void *priv)
{
@@ -31,7 +31,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
kfree(priv);
}
@@ -735,7 +732,6 @@ const struct rate_control_ops mac80211_m
@@ -718,7 +715,6 @@ const struct rate_control_ops mac80211_m
.free_sta = minstrel_free_sta,
#ifdef CPTCFG_MAC80211_DEBUGFS
.add_sta_debugfs = minstrel_add_sta_debugfs,
@@ -41,7 +41,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
};
--- a/net/mac80211/rc80211_minstrel.h
+++ b/net/mac80211/rc80211_minstrel.h
@@ -109,11 +109,6 @@ struct minstrel_sta_info {
@@ -108,11 +108,6 @@ struct minstrel_sta_info {
/* sampling table */
u8 *sample_table;
@@ -53,7 +53,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
};
struct minstrel_priv {
@@ -137,7 +132,6 @@ struct minstrel_priv {
@@ -136,7 +131,6 @@ struct minstrel_priv {
* - setting will be applied on next update
*/
u32 fixed_rate_idx;
@@ -61,7 +61,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
#endif
};
@@ -156,7 +150,6 @@ minstrel_get_ewmsd10(struct minstrel_rat
@@ -155,7 +149,6 @@ minstrel_get_ewmsd10(struct minstrel_rat
extern const struct rate_control_ops mac80211_minstrel;
void minstrel_add_sta_debugfs(void *priv, void *priv_sta, struct dentry *dir);

6
package/kernel/mac80211/patches/subsys/305-mac80211-minstrel-merge-with-minstrel_ht-always-enab.patch
View File

@@ -117,7 +117,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
#endif /* IEEE80211_RATE_H */
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -572,138 +572,6 @@ minstrel_rate_init(void *priv, struct ie
@@ -555,138 +555,6 @@ minstrel_rate_init(void *priv, struct ie
minstrel_update_rates(mp, mi);
}
@@ -256,7 +256,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
static u32 minstrel_get_expected_throughput(void *priv_sta)
{
struct minstrel_sta_info *mi = priv_sta;
@@ -722,28 +590,8 @@ static u32 minstrel_get_expected_through
@@ -705,28 +573,8 @@ static u32 minstrel_get_expected_through
}
const struct rate_control_ops mac80211_minstrel = {
@@ -287,7 +287,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
-}
--- a/net/mac80211/rc80211_minstrel.h
+++ b/net/mac80211/rc80211_minstrel.h
@@ -158,7 +158,5 @@ int minstrel_get_tp_avg(struct minstrel_
@@ -157,7 +157,5 @@ int minstrel_get_tp_avg(struct minstrel_
/* debugfs */
int minstrel_stats_open(struct inode *inode, struct file *file);
int minstrel_stats_csv_open(struct inode *inode, struct file *file);

2
package/kernel/mac80211/patches/subsys/316-mac80211-minstrel_ht-improve-rate-probing-for-device.patch
View File

@@ -41,7 +41,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/mac80211/rc80211_minstrel.h
+++ b/net/mac80211/rc80211_minstrel.h
@@ -114,6 +114,7 @@ struct minstrel_sta_info {
@@ -113,6 +113,7 @@ struct minstrel_sta_info {
struct minstrel_priv {
struct ieee80211_hw *hw;
bool has_mrr;

4
package/kernel/mac80211/patches/subsys/320-mac80211-Add-TXQ-scheduling-API.patch
View File

@@ -191,7 +191,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -1249,7 +1249,7 @@ void ieee80211_sta_ps_deliver_wakeup(str
@@ -1261,7 +1261,7 @@ void ieee80211_sta_ps_deliver_wakeup(str
if (!txq_has_queue(sta->sta.txq[i]))
continue;
@@ -229,7 +229,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
return true;
}
@@ -3620,6 +3624,60 @@ out:
@@ -3631,6 +3635,60 @@ out:
}
EXPORT_SYMBOL(ieee80211_tx_dequeue);

6
package/kernel/mac80211/patches/subsys/321-cfg80211-Add-airtime-statistics-and-settings.patch
View File

@@ -156,7 +156,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
};
/* policy for the key attributes */
@@ -4709,6 +4710,11 @@ static int nl80211_send_station(struct s
@@ -4715,6 +4716,11 @@ static int nl80211_send_station(struct s
PUT_SINFO(PLID, plid, u16);
PUT_SINFO(PLINK_STATE, plink_state, u8);
PUT_SINFO_U64(RX_DURATION, rx_duration);
@@ -168,7 +168,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
switch (rdev->wiphy.signal_type) {
case CFG80211_SIGNAL_TYPE_MBM:
@@ -5345,6 +5351,15 @@ static int nl80211_set_station(struct sk
@@ -5351,6 +5357,15 @@ static int nl80211_set_station(struct sk
nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
}
@@ -184,7 +184,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
/* Include parameters for TDLS peer (will check later) */
err = nl80211_set_station_tdls(info, &params);
if (err)
@@ -5483,6 +5498,15 @@ static int nl80211_new_station(struct sk
@@ -5489,6 +5504,15 @@ static int nl80211_new_station(struct sk
return -EINVAL;
}

12
package/kernel/mac80211/patches/subsys/322-mac80211-Add-airtime-accounting-and-scheduling-to-TX.patch
View File

@@ -125,7 +125,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* The values are not guaranteed to be coherent with regard to each other, i.e.
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1390,6 +1390,9 @@ static int sta_apply_parameters(struct i
@@ -1391,6 +1391,9 @@ static int sta_apply_parameters(struct i
if (ieee80211_vif_is_mesh(&sdata->vif))
sta_apply_mesh_params(local, sta, params);
@@ -289,7 +289,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
}
}
@@ -381,9 +378,12 @@ struct sta_info *sta_info_alloc(struct i
@@ -399,9 +396,12 @@ struct sta_info *sta_info_alloc(struct i
if (sta_prepare_rate_control(local, sta, gfp))
goto free_txq;
@@ -302,7 +302,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
}
for (i = 0; i < IEEE80211_NUM_TIDS; i++)
@@ -1826,6 +1826,27 @@ void ieee80211_sta_set_buffered(struct i
@@ -1838,6 +1838,27 @@ void ieee80211_sta_set_buffered(struct i
}
EXPORT_SYMBOL(ieee80211_sta_set_buffered);
@@ -330,7 +330,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
int sta_info_move_state(struct sta_info *sta,
enum ieee80211_sta_state new_state)
{
@@ -2192,6 +2213,23 @@ void sta_set_sinfo(struct sta_info *sta,
@@ -2208,6 +2229,23 @@ void sta_set_sinfo(struct sta_info *sta,
sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
}
@@ -412,7 +412,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
spin_lock_bh(&local->active_txq_lock[txqi->txq.ac]);
list_del_init(&txqi->schedule_order);
spin_unlock_bh(&local->active_txq_lock[txqi->txq.ac]);
@@ -3631,11 +3634,28 @@ struct ieee80211_txq *ieee80211_next_txq
@@ -3642,11 +3645,28 @@ struct ieee80211_txq *ieee80211_next_txq
lockdep_assert_held(&local->active_txq_lock[ac]);
@@ -442,7 +442,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
return NULL;
list_del_init(&txqi->schedule_order);
@@ -3653,12 +3673,74 @@ void ieee80211_return_txq(struct ieee802
@@ -3664,12 +3684,74 @@ void ieee80211_return_txq(struct ieee802
lockdep_assert_held(&local->active_txq_lock[txq->ac]);
if (list_empty(&txqi->schedule_order) &&

2
package/kernel/mac80211/patches/subsys/323-mac80211-Expose-ieee80211_schedule_txq-function.patch
View File

@@ -51,7 +51,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3693,6 +3693,19 @@ void ieee80211_return_txq(struct ieee802
@@ -3704,6 +3704,19 @@ void ieee80211_return_txq(struct ieee802
}
EXPORT_SYMBOL(ieee80211_return_txq);

34
package/kernel/mac80211/patches/subsys/331-mac80211-do-not-allow-bigger-VHT-MPDUs-than-the-hard.patch
View File

@@ -1,34 +0,0 @@
From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 17 Sep 2020 12:07:19 +0200
Subject: [PATCH] mac80211: do not allow bigger VHT MPDUs than the hardware
supports
Limit maximum VHT MPDU size by local capability
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/net/mac80211/vht.c
+++ b/net/mac80211/vht.c
@@ -170,10 +170,7 @@ ieee80211_vht_cap_ie_to_sta_vht_cap(stru
/* take some capabilities as-is */
cap_info = le32_to_cpu(vht_cap_ie->vht_cap_info);
vht_cap->cap = cap_info;
- vht_cap->cap &= IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895 |
- IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991 |
- IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454 |
- IEEE80211_VHT_CAP_RXLDPC |
+ vht_cap->cap &= IEEE80211_VHT_CAP_RXLDPC |
IEEE80211_VHT_CAP_VHT_TXOP_PS |
IEEE80211_VHT_CAP_HTC_VHT |
IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK |
@@ -182,6 +179,9 @@ ieee80211_vht_cap_ie_to_sta_vht_cap(stru
IEEE80211_VHT_CAP_RX_ANTENNA_PATTERN |
IEEE80211_VHT_CAP_TX_ANTENNA_PATTERN;
+ vht_cap->cap |= min_t(u32, cap_info & IEEE80211_VHT_CAP_MAX_MPDU_MASK,
+ own_cap.cap & IEEE80211_VHT_CAP_MAX_MPDU_MASK);
+
/* and some based on our own capabilities */
switch (own_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:

6
package/kernel/mac80211/patches/subsys/350-mac80211-add-hdrlen-to-ieee80211_tx_data.patch
View File

@@ -48,7 +48,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (likely(sta)) {
if (!IS_ERR(sta))
tx->sta = sta;
@@ -3525,6 +3525,7 @@ begin:
@@ -3536,6 +3536,7 @@ begin:
tx.local = local;
tx.skb = skb;
tx.sdata = vif_to_sdata(info->control.vif);
@@ -56,7 +56,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (txq->sta) {
tx.sta = container_of(txq->sta, struct sta_info, sta);
@@ -3569,7 +3570,7 @@ begin:
@@ -3580,7 +3581,7 @@ begin:
if (tx.key &&
(tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
@@ -65,7 +65,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
tx.key, skb);
@@ -4028,6 +4029,7 @@ ieee80211_build_data_template(struct iee
@@ -4039,6 +4040,7 @@ ieee80211_build_data_template(struct iee
hdr = (void *)skb->data;
tx.sta = sta_info_get(sdata, hdr->addr1);
tx.skb = skb;

14
package/kernel/mac80211/patches/subsys/351-mac80211-add-TX_NEEDS_ALIGNED4_SKBS-hw-flag.patch
View File

@@ -227,7 +227,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (likely(sta)) {
if (!IS_ERR(sta))
@@ -2222,7 +2221,7 @@ netdev_tx_t ieee80211_monitor_start_xmit
@@ -2233,7 +2232,7 @@ netdev_tx_t ieee80211_monitor_start_xmit
goto fail;
hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
@@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (skb->len < len_rthdr + hdrlen)
goto fail;
@@ -2441,7 +2440,7 @@ static struct sk_buff *ieee80211_build_h
@@ -2452,7 +2451,7 @@ static struct sk_buff *ieee80211_build_h
struct ieee80211_chanctx_conf *chanctx_conf;
struct ieee80211_sub_if_data *ap_sdata;
enum nl80211_band band;
@@ -245,7 +245,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (IS_ERR(sta))
sta = NULL;
@@ -2740,7 +2739,9 @@ static struct sk_buff *ieee80211_build_h
@@ -2751,7 +2750,9 @@ static struct sk_buff *ieee80211_build_h
}
skb_pull(skb, skip_header_bytes);
@@ -255,7 +255,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/*
* So we need to modify the skb header and hence need a copy of
@@ -2773,6 +2774,9 @@ static struct sk_buff *ieee80211_build_h
@@ -2784,6 +2785,9 @@ static struct sk_buff *ieee80211_build_h
memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
#endif
@@ -265,7 +265,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (ieee80211_is_data_qos(fc)) {
__le16 *qos_control;
@@ -2949,6 +2953,8 @@ void ieee80211_check_fast_xmit(struct st
@@ -2960,6 +2964,8 @@ void ieee80211_check_fast_xmit(struct st
fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
}
@@ -274,7 +274,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* We store the key here so there's no point in using rcu_dereference()
* but that's fine because the code that changes the pointers will call
* this function after doing so. For a single CPU that would be enough,
@@ -3525,7 +3531,7 @@ begin:
@@ -3536,7 +3542,7 @@ begin:
tx.local = local;
tx.skb = skb;
tx.sdata = vif_to_sdata(info->control.vif);
@@ -283,7 +283,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (txq->sta) {
tx.sta = container_of(txq->sta, struct sta_info, sta);
@@ -4029,7 +4035,7 @@ ieee80211_build_data_template(struct iee
@@ -4040,7 +4046,7 @@ ieee80211_build_data_template(struct iee
hdr = (void *)skb->data;
tx.sta = sta_info_get(sdata, hdr->addr1);
tx.skb = skb;

10
package/kernel/mac80211/patches/subsys/352-mac80211-rework-locking-for-txq-scheduling-airtime-f.patch
View File

@@ -95,7 +95,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ieee80211_txq_may_transmit - check whether TXQ is allowed to transmit
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3637,16 +3637,17 @@ EXPORT_SYMBOL(ieee80211_tx_dequeue);
@@ -3648,16 +3648,17 @@ EXPORT_SYMBOL(ieee80211_tx_dequeue);
struct ieee80211_txq *ieee80211_next_txq(struct ieee80211_hw *hw, u8 ac)
{
struct ieee80211_local *local = hw_to_local(hw);
@@ -115,7 +115,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (txqi->txq.sta) {
struct sta_info *sta = container_of(txqi->txq.sta,
@@ -3663,21 +3664,25 @@ struct ieee80211_txq *ieee80211_next_txq
@@ -3674,21 +3675,25 @@ struct ieee80211_txq *ieee80211_next_txq
if (txqi->schedule_round == local->schedule_round[ac])
@@ -146,7 +146,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (list_empty(&txqi->schedule_order) &&
(!skb_queue_empty(&txqi->frags) || txqi->tin.backlog_packets)) {
@@ -3697,18 +3702,7 @@ void ieee80211_return_txq(struct ieee802
@@ -3708,18 +3713,7 @@ void ieee80211_return_txq(struct ieee802
list_add_tail(&txqi->schedule_order,
&local->active_txqs[txq->ac]);
}
@@ -165,7 +165,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
spin_unlock_bh(&local->active_txq_lock[txq->ac]);
}
EXPORT_SYMBOL(ieee80211_schedule_txq);
@@ -3721,7 +3715,7 @@ bool ieee80211_txq_may_transmit(struct i
@@ -3732,7 +3726,7 @@ bool ieee80211_txq_may_transmit(struct i
struct sta_info *sta;
u8 ac = txq->ac;
@@ -174,7 +174,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (!txqi->txq.sta)
goto out;
@@ -3751,34 +3745,27 @@ bool ieee80211_txq_may_transmit(struct i
@@ -3762,34 +3756,27 @@ bool ieee80211_txq_may_transmit(struct i
sta->airtime[ac].deficit += sta->airtime_weight;
list_move_tail(&txqi->schedule_order, &local->active_txqs[ac]);

6
package/kernel/mac80211/patches/subsys/354-mac80211-calculate-hash-for-fq-without-holding-fq-lo.patch
View File

@@ -111,7 +111,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
schedule_and_wake_txq(local, txqi);
@@ -3200,6 +3201,7 @@ static bool ieee80211_amsdu_aggregate(st
@@ -3211,6 +3212,7 @@ static bool ieee80211_amsdu_aggregate(st
u8 max_subframes = sta->sta.max_amsdu_subframes;
int max_frags = local->hw.max_tx_fragments;
int max_amsdu_len = sta->sta.max_amsdu_len;
@@ -119,7 +119,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
int orig_truesize;
__be16 len;
void *data;
@@ -3222,6 +3224,8 @@ static bool ieee80211_amsdu_aggregate(st
@@ -3233,6 +3235,8 @@ static bool ieee80211_amsdu_aggregate(st
max_amsdu_len = min_t(int, max_amsdu_len,
sta->sta.max_rc_amsdu_len);
@@ -128,7 +128,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
spin_lock_bh(&fq->lock);
/* TODO: Ideally aggregation should be done on dequeue to remain
@@ -3229,7 +3233,8 @@ static bool ieee80211_amsdu_aggregate(st
@@ -3240,7 +3244,8 @@ static bool ieee80211_amsdu_aggregate(st
*/
tin = &txqi->tin;

8
package/kernel/mac80211/patches/subsys/355-mac80211-run-late-dequeue-late-tx-handlers-without-h.patch
View File

@@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3507,6 +3507,7 @@ struct sk_buff *ieee80211_tx_dequeue(str
@@ -3518,6 +3518,7 @@ struct sk_buff *ieee80211_tx_dequeue(str
ieee80211_tx_result r;
struct ieee80211_vif *vif = txq->vif;
@@ -18,7 +18,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
spin_lock_bh(&fq->lock);
if (test_bit(IEEE80211_TXQ_STOP, &txqi->flags) ||
@@ -3523,11 +3524,12 @@ struct sk_buff *ieee80211_tx_dequeue(str
@@ -3534,11 +3535,12 @@ struct sk_buff *ieee80211_tx_dequeue(str
if (skb)
goto out;
@@ -32,7 +32,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
hdr = (struct ieee80211_hdr *)skb->data;
info = IEEE80211_SKB_CB(skb);
@@ -3591,8 +3593,11 @@ begin:
@@ -3602,8 +3604,11 @@ begin:
skb = __skb_dequeue(&tx.skbs);
@@ -45,7 +45,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
}
if (skb && skb_has_frag_list(skb) &&
@@ -3631,6 +3636,7 @@ begin:
@@ -3642,6 +3647,7 @@ begin:
}
IEEE80211_SKB_CB(skb)->control.vif = vif;

55
package/kernel/mac80211/patches/subsys/357-mac80211-optimize-skb-resizing.patch
View File

@@ -50,33 +50,39 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (WARN_ON_ONCE(skb_headroom(skb) < rtap_len)) {
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1914,37 +1914,53 @@ static bool ieee80211_tx(struct ieee8021
@@ -1914,42 +1914,53 @@ static bool ieee80211_tx(struct ieee8021
}
/* device xmit handlers */
-
-enum ieee80211_encrypt {
- ENCRYPT_NO,
- ENCRYPT_MGMT,
- ENCRYPT_DATA,
-};
-
-static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
- struct sk_buff *skb,
- int head_need, bool may_encrypt)
- int head_need,
- enum ieee80211_encrypt encrypt)
+int ieee80211_skb_resize(struct ieee80211_local *local,
+ struct ieee80211_sub_if_data *sdata,
+ struct sk_buff *skb, int hdr_len, int hdr_extra)
{
- struct ieee80211_local *local = sdata->local;
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
struct ieee80211_hdr *hdr;
- bool enc_tailroom;
- int tail_need = 0;
-
- hdr = (struct ieee80211_hdr *) skb->data;
- enc_tailroom = may_encrypt &&
- (sdata->crypto_tx_tailroom_needed_cnt ||
- ieee80211_is_mgmt(hdr->frame_control));
- enc_tailroom = encrypt == ENCRYPT_MGMT ||
- (encrypt == ENCRYPT_DATA &&
- sdata->crypto_tx_tailroom_needed_cnt);
-
- if (enc_tailroom) {
- tail_need = IEEE80211_ENCRYPT_TAILROOM;
- tail_need -= skb_tailroom(skb);
- tail_need = max_t(int, tail_need, 0);
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ struct ieee80211_hdr *hdr;
+ int head_need, head_max;
+ int tail_need, tail_max;
+ bool enc_tailroom = false;
@@ -123,27 +129,34 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
wiphy_debug(local->hw.wiphy,
"failed to reallocate TX buffer\n");
return -ENOMEM;
@@ -1960,18 +1976,8 @@ void ieee80211_xmit(struct ieee80211_sub
@@ -1964,24 +1975,9 @@ void ieee80211_xmit(struct ieee80211_sub
{
struct ieee80211_local *local = sdata->local;
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
struct ieee80211_hdr *hdr;
- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
- int headroom;
- bool may_encrypt;
- enum ieee80211_encrypt encrypt;
-
- if (info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)
- encrypt = ENCRYPT_NO;
- else if (ieee80211_is_mgmt(hdr->frame_control))
- encrypt = ENCRYPT_MGMT;
- else
- encrypt = ENCRYPT_DATA;
-
- may_encrypt = !(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT);
- headroom = local->tx_headroom;
- if (may_encrypt)
- if (encrypt != ENCRYPT_NO)
- headroom += sdata->encrypt_headroom;
- headroom -= skb_headroom(skb);
- headroom = max_t(int, 0, headroom);
-
- if (ieee80211_skb_resize(sdata, skb, headroom, may_encrypt)) {
+ struct ieee80211_hdr *hdr;
- if (ieee80211_skb_resize(sdata, skb, headroom, encrypt)) {
+ if (ieee80211_skb_resize(local, sdata, skb, 0, 0)) {
ieee80211_free_txskb(&local->hw, skb);
return;
}
@@ -2741,30 +2747,14 @@ static struct sk_buff *ieee80211_build_h
@@ -2752,30 +2748,14 @@ static struct sk_buff *ieee80211_build_h
skb_pull(skb, skip_header_bytes);
padsize = ieee80211_hdr_padsize(&local->hw, hdrlen);
@@ -167,7 +180,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
- head_need += sdata->encrypt_headroom;
- head_need += local->tx_headroom;
- head_need = max_t(int, 0, head_need);
- if (ieee80211_skb_resize(sdata, skb, head_need, true)) {
- if (ieee80211_skb_resize(sdata, skb, head_need, ENCRYPT_DATA)) {
- ieee80211_free_txskb(&local->hw, skb);
- skb = NULL;
- return ERR_PTR(-ENOMEM);
@@ -180,7 +193,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
}
if (encaps_data)
@@ -3377,7 +3367,6 @@ static bool ieee80211_xmit_fast(struct i
@@ -3388,7 +3368,6 @@ static bool ieee80211_xmit_fast(struct i
struct ieee80211_local *local = sdata->local;
u16 ethertype = (skb->data[12] << 8) | skb->data[13];
int extra_head = fast_tx->hdr_len - (ETH_HLEN - 2);
@@ -188,14 +201,14 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
struct ethhdr eth;
struct ieee80211_tx_info *info;
struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
@@ -3429,10 +3418,7 @@ static bool ieee80211_xmit_fast(struct i
@@ -3440,10 +3419,7 @@ static bool ieee80211_xmit_fast(struct i
* as the may-encrypt argument for the resize to not account for
* more room than we already have in 'extra_head'
*/
- if (unlikely(ieee80211_skb_resize(sdata, skb,
- max_t(int, extra_head + hw_headroom -
- skb_headroom(skb), 0),
- false))) {
- ENCRYPT_NO))) {
+ if (unlikely(ieee80211_skb_resize(local, sdata, skb, extra_head, 0))) {
kfree_skb(skb);
return true;

6
package/kernel/mac80211/patches/subsys/358-mac80211-make-ieee80211_schedule_txq-schedule-empty-.patch
View File

@@ -72,7 +72,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/**
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3673,8 +3673,9 @@ out:
@@ -3674,8 +3674,9 @@ out:
}
EXPORT_SYMBOL(ieee80211_next_txq);
@@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
{
struct ieee80211_local *local = hw_to_local(hw);
struct txq_info *txqi = to_txq_info(txq);
@@ -3682,7 +3683,8 @@ void ieee80211_schedule_txq(struct ieee8
@@ -3683,7 +3684,8 @@ void ieee80211_schedule_txq(struct ieee8
spin_lock_bh(&local->active_txq_lock[txq->ac]);
if (list_empty(&txqi->schedule_order) &&
@@ -94,7 +94,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* If airtime accounting is active, always enqueue STAs at the
* head of the list to ensure that they only get moved to the
* back by the airtime DRR scheduler once they have a negative
@@ -3702,7 +3704,7 @@ void ieee80211_schedule_txq(struct ieee8
@@ -3703,7 +3705,7 @@ void ieee80211_schedule_txq(struct ieee8
spin_unlock_bh(&local->active_txq_lock[txq->ac]);
}

4
package/kernel/mac80211/patches/subsys/360-mac80211-when-using-iTXQ-select-the-queue-in-ieee802.patch
View File

@@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3772,6 +3772,7 @@ void __ieee80211_subif_start_xmit(struct
@@ -3773,6 +3773,7 @@ void __ieee80211_subif_start_xmit(struct
u32 ctrl_flags)
{
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
@@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
struct sta_info *sta;
struct sk_buff *next;
@@ -3785,7 +3786,15 @@ void __ieee80211_subif_start_xmit(struct
@@ -3786,7 +3787,15 @@ void __ieee80211_subif_start_xmit(struct
if (ieee80211_lookup_ra_sta(sdata, skb, &sta))
goto out_free;

6
package/kernel/mac80211/patches/subsys/362-mac80211-minstrel-remove-divisions-in-tx-status-path.patch
View File

@@ -11,9 +11,9 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -295,8 +295,7 @@ minstrel_tx_status(void *priv, struct ie
if (mi->sample_deferred > 0)
mi->sample_deferred--;
@@ -289,8 +289,7 @@ minstrel_tx_status(void *priv, struct ie
mi->r[ndx].stats.success += success;
}
- if (time_after(jiffies, mi->last_stats_update +
- (mp->update_interval * HZ) / 1000))

10
package/kernel/mac80211/patches/subsys/363-mac80211-minstrel_ht-replace-rate-stats-ewma-with-a-.patch
View File

@@ -64,9 +64,9 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* Sample less often below the 10% chance of success.
* Sample less often above the 95% chance of success. */
@@ -295,7 +299,8 @@ minstrel_tx_status(void *priv, struct ie
if (mi->sample_deferred > 0)
mi->sample_deferred--;
@@ -289,7 +293,8 @@ minstrel_tx_status(void *priv, struct ie
mi->r[ndx].stats.success += success;
}
- if (time_after(jiffies, mi->last_stats_update + mp->update_interval))
+ if (time_after(jiffies, mi->last_stats_update +
@@ -149,7 +149,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* statistis of packet delivery probability
* prob_ewma - exponential weighted moving average of prob
* prob_ewmsd - exp. weighted moving standard deviation of prob */
@@ -114,6 +166,7 @@ struct minstrel_sta_info {
@@ -113,6 +165,7 @@ struct minstrel_sta_info {
struct minstrel_priv {
struct ieee80211_hw *hw;
bool has_mrr;
@@ -157,7 +157,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
u32 sample_switch;
unsigned int cw_min;
unsigned int cw_max;
@@ -153,7 +206,8 @@ extern const struct rate_control_ops mac
@@ -152,7 +205,8 @@ extern const struct rate_control_ops mac
void minstrel_add_sta_debugfs(void *priv, void *priv_sta, struct dentry *dir);
/* Recalculate success probabilities and counters for a given rate using EWMA */

6
package/kernel/mac80211/patches/subsys/364-mac80211-minstrel_ht-rename-prob_ewma-to-prob_avg-us.patch
View File

@@ -106,7 +106,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
tmp_prob_rate = i;
}
}
@@ -436,7 +436,7 @@ minstrel_get_rate(void *priv, struct iee
@@ -418,7 +418,7 @@ minstrel_get_rate(void *priv, struct iee
* has a probability of >95%, we shouldn't be attempting
* to use it, as this only wastes precious airtime */
if (!mrr_capable &&
@@ -115,7 +115,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
return;
mi->prev_sample = true;
@@ -587,7 +587,7 @@ static u32 minstrel_get_expected_through
@@ -570,7 +570,7 @@ static u32 minstrel_get_expected_through
* computing cur_tp
*/
tmp_mrs = &mi->r[idx].stats;
@@ -174,7 +174,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* maximum retry counts */
u8 retry_count;
u8 retry_count_rtscts;
@@ -208,7 +205,7 @@ void minstrel_add_sta_debugfs(void *priv
@@ -207,7 +204,7 @@ void minstrel_add_sta_debugfs(void *priv
/* Recalculate success probabilities and counters for a given rate using EWMA */
void minstrel_calc_rate_stats(struct minstrel_priv *mp,
struct minstrel_rate_stats *mrs);

2
package/kernel/mac80211/patches/subsys/367-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch
View File

@@ -28,7 +28,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -322,6 +322,7 @@ struct sta_info *sta_info_alloc(struct i
@@ -340,6 +340,7 @@ struct sta_info *sta_info_alloc(struct i
INIT_WORK(&sta->drv_deliver_wk, sta_deliver_ps_frames);
INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
mutex_init(&sta->ampdu_mlme.mtx);

2
package/kernel/mac80211/patches/subsys/368-cfg80211-add-local-BSS-receive-time-to-survey-inform.patch
View File

@@ -64,7 +64,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
__NL80211_SURVEY_INFO_AFTER_LAST,
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -8373,6 +8373,10 @@ static int nl80211_send_survey(struct sk
@@ -8379,6 +8379,10 @@ static int nl80211_send_survey(struct sk
nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
survey->time_scan, NL80211_SURVEY_INFO_PAD))
goto nla_put_failure;

31
package/kernel/mac80211/patches/subsys/370-mac80211-fix-misplaced-while-instead-of-if.patch
View File

@@ -1,31 +0,0 @@
From 5981fe5b0529ba25d95f37d7faa434183ad618c5 Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@intel.com>
Date: Mon, 3 Aug 2020 11:02:10 +0200
Subject: [PATCH] mac80211: fix misplaced while instead of if
This never was intended to be a 'while' loop, it should've
just been an 'if' instead of 'while'. Fix this.
I noticed this while applying another patch from Ben that
intended to fix a busy loop at this spot.
Cc: stable@vger.kernel.org
Fixes: b16798f5b907 ("mac80211: mark station unauthorized before key removal")
Reported-by: Ben Greear <greearb@candelatech.com>
Link: https://lore.kernel.org/r/20200803110209.253009ae41ff.I3522aad099392b31d5cf2dcca34cbac7e5832dde@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/mac80211/sta_info.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -980,7 +980,7 @@ static void __sta_info_destroy_part2(str
might_sleep();
lockdep_assert_held(&local->sta_mtx);
- while (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
+ if (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
WARN_ON_ONCE(ret);
}

6
package/kernel/mac80211/patches/subsys/522-mac80211_configure_antenna_gain.patch
View File

@@ -57,7 +57,7 @@
__NL80211_ATTR_AFTER_LAST,
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2457,6 +2457,19 @@ static int ieee80211_get_tx_power(struct
@@ -2458,6 +2458,19 @@ static int ieee80211_get_tx_power(struct
return 0;
}
@@ -77,7 +77,7 @@
static int ieee80211_set_wds_peer(struct wiphy *wiphy, struct net_device *dev,
const u8 *addr)
{
@@ -3846,6 +3859,7 @@ const struct cfg80211_ops mac80211_confi
@@ -3847,6 +3860,7 @@ const struct cfg80211_ops mac80211_confi
.set_wiphy_params = ieee80211_set_wiphy_params,
.set_tx_power = ieee80211_set_tx_power,
.get_tx_power = ieee80211_get_tx_power,
@@ -137,7 +137,7 @@
};
/* policy for the key attributes */
@@ -2629,6 +2630,20 @@ static int nl80211_set_wiphy(struct sk_b
@@ -2632,6 +2633,20 @@ static int nl80211_set_wiphy(struct sk_b
if (result)
return result;
}

4
package/libs/mbedtls/Makefile
View File

@@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=mbedtls
PKG_VERSION:=2.16.8
PKG_VERSION:=2.16.9
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=fe9e3b15c3375943bdfebbbb20dd6b4f1147b3b5d926248bd835d73247407430
PKG_HASH:=fc17ff7d8c11d08f23ae2800a18269408ad2c24ea6bb8b9363e41a01c2425697
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0+

4
package/libs/openssl/Makefile
View File

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openssl
PKG_BASE:=1.1.1
PKG_BUGFIX:=h
PKG_BUGFIX:=i
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
@@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/
PKG_HASH:=5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9
PKG_HASH:=e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242
PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE

2
package/network/services/dnsmasq/Makefile
View File

@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.80
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
PKG_RELEASE:=16.1
PKG_RELEASE:=16.2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq

375
package/network/services/dnsmasq/patches/0102-Fix-remote-buffer-overflow-CERT-VU-434904.patch Normal file
View File

@@ -0,0 +1,375 @@
From 4e96a4be685c9e4445f6ee79ad0b36b9119b502a Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 11 Nov 2020 23:25:04 +0000
Subject: Fix remote buffer overflow CERT VU#434904
The problem is in the sort_rrset() function and allows a remote
attacker to overwrite memory. Any dnsmasq instance with DNSSEC
enabled is vulnerable.
---
CHANGELOG | 7 +-
src/dnssec.c | 273 ++++++++++++++++++++++++++++-----------------------
2 files changed, 158 insertions(+), 122 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,9 @@
+ Fix a remote buffer overflow problem in the DNSSEC code. Any
+ dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
+ referenced by CERT VU#434904.
+
+
+>>>>>>> Fix remote buffer overflow CERT VU#434904
version 2.81
Impove cache behaviour for TCP connections. For ease of
implementaion, dnsmasq has always forked a new process to handle
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -222,138 +222,147 @@ static int check_date_range(u32 date_sta
&& serial_compare_32(curtime, date_end) == SERIAL_LT;
}
-/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
- data, pointed to by *p, should be used raw. */
-static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
- unsigned char **p, u16 **desc)
+/* Return bytes of canonicalised rrdata one by one.
+ Init state->ip with the RR, and state->end with the end of same.
+ Init state->op to NULL.
+ Init state->desc to RR descriptor.
+ Init state->buff with a MAXDNAME * 2 buffer.
+
+ After each call which returns 1, state->op points to the next byte of data.
+ On returning 0, the end has been reached.
+*/
+struct rdata_state {
+ u16 *desc;
+ size_t c;
+ unsigned char *end, *ip, *op;
+ char *buff;
+};
+
+static int get_rdata(struct dns_header *header, size_t plen, struct rdata_state *state)
{
- int d = **desc;
+ int d;
- /* No more data needs mangling */
- if (d == (u16)-1)
+ if (state->op && state->c != 1)
{
- /* If there's more data than we have space for, just return what fits,
- we'll get called again for more chunks */
- if (end - *p > bufflen)
- {
- memcpy(buff, *p, bufflen);
- *p += bufflen;
- return bufflen;
- }
-
- return 0;
+ state->op++;
+ state->c--;
+ return 1;
}
-
- (*desc)++;
-
- if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
- /* domain-name, canonicalise */
- return to_wire(buff);
- else
- {
- /* plain data preceding a domain-name, don't run off the end of the data */
- if ((end - *p) < d)
- d = end - *p;
+
+ while (1)
+ {
+ d = *(state->desc);
- if (d != 0)
+ if (d == (u16)-1)
{
- memcpy(buff, *p, d);
- *p += d;
+ /* all the bytes to the end. */
+ if ((state->c = state->end - state->ip) != 0)
+ {
+ state->op = state->ip;
+ state->ip = state->end;;
+ }
+ else
+ return 0;
+ }
+ else
+ {
+ state->desc++;
+
+ if (d == (u16)0)
+ {
+ /* domain-name, canonicalise */
+ int len;
+
+ if (!extract_name(header, plen, &state->ip, state->buff, 1, 0) ||
+ (len = to_wire(state->buff)) == 0)
+ continue;
+
+ state->c = len;
+ state->op = (unsigned char *)state->buff;
+ }
+ else
+ {
+ /* plain data preceding a domain-name, don't run off the end of the data */
+ if ((state->end - state->ip) < d)
+ d = state->end - state->ip;
+
+ if (d == 0)
+ continue;
+
+ state->op = state->ip;
+ state->c = d;
+ state->ip += d;
+ }
}
- return d;
+ return 1;
}
}
-/* Bubble sort the RRset into the canonical order.
- Note that the byte-streams from two RRs may get unsynced: consider
- RRs which have two domain-names at the start and then other data.
- The domain-names may have different lengths in each RR, but sort equal
-
- ------------
- |abcde|fghi|
- ------------
- |abcd|efghi|
- ------------
-
- leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
-*/
+/* Bubble sort the RRset into the canonical order. */
static int sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
unsigned char **rrset, char *buff1, char *buff2)
{
- int swap, quit, i, j;
+ int swap, i, j;
do
{
for (swap = 0, i = 0; i < rrsetidx-1; i++)
{
- int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
- u16 *dp1, *dp2;
- unsigned char *end1, *end2;
+ int rdlen1, rdlen2;
+ struct rdata_state state1, state2;
+
/* Note that these have been determined to be OK previously,
so we don't need to check for NULL return here. */
- unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
- unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
-
- p1 += 8; /* skip class, type, ttl */
- GETSHORT(rdlen1, p1);
- end1 = p1 + rdlen1;
-
- p2 += 8; /* skip class, type, ttl */
- GETSHORT(rdlen2, p2);
- end2 = p2 + rdlen2;
-
- dp1 = dp2 = rr_desc;
-
- for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
+ state1.ip = skip_name(rrset[i], header, plen, 10);
+ state2.ip = skip_name(rrset[i+1], header, plen, 10);
+ state1.op = state2.op = NULL;
+ state1.buff = buff1;
+ state2.buff = buff2;
+ state1.desc = state2.desc = rr_desc;
+
+ state1.ip += 8; /* skip class, type, ttl */
+ GETSHORT(rdlen1, state1.ip);
+ if (!CHECK_LEN(header, state1.ip, plen, rdlen1))
+ return rrsetidx; /* short packet */
+ state1.end = state1.ip + rdlen1;
+
+ state2.ip += 8; /* skip class, type, ttl */
+ GETSHORT(rdlen2, state2.ip);
+ if (!CHECK_LEN(header, state2.ip, plen, rdlen2))
+ return rrsetidx; /* short packet */
+ state2.end = state2.ip + rdlen2;
+
+ while (1)
{
- if (left1 != 0)
- memmove(buff1, buff1 + len1 - left1, left1);
-
- if ((len1 = get_rdata(header, plen, end1, buff1 + left1, (MAXDNAME * 2) - left1, &p1, &dp1)) == 0)
- {
- quit = 1;
- len1 = end1 - p1;
- memcpy(buff1 + left1, p1, len1);
- }
- len1 += left1;
-
- if (left2 != 0)
- memmove(buff2, buff2 + len2 - left2, left2);
-
- if ((len2 = get_rdata(header, plen, end2, buff2 + left2, (MAXDNAME *2) - left2, &p2, &dp2)) == 0)
- {
- quit = 1;
- len2 = end2 - p2;
- memcpy(buff2 + left2, p2, len2);
- }
- len2 += left2;
-
- if (len1 > len2)
- left1 = len1 - len2, left2 = 0, len = len2;
- else
- left2 = len2 - len1, left1 = 0, len = len1;
+ int ok1, ok2;
- rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
-
- if (rc > 0 || (rc == 0 && quit && len1 > len2))
- {
- unsigned char *tmp = rrset[i+1];
- rrset[i+1] = rrset[i];
- rrset[i] = tmp;
- swap = quit = 1;
- }
- else if (rc == 0 && quit && len1 == len2)
+ ok1 = get_rdata(header, plen, &state1);
+ ok2 = get_rdata(header, plen, &state2);
+
+ if (!ok1 && !ok2)
{
/* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */
for (j = i+1; j < rrsetidx-1; j++)
rrset[j] = rrset[j+1];
rrsetidx--;
i--;
+ break;
+ }
+ else if (ok1 && (!ok2 || *state1.op > *state2.op))
+ {
+ unsigned char *tmp = rrset[i+1];
+ rrset[i+1] = rrset[i];
+ rrset[i] = tmp;
+ swap = 1;
+ break;
}
- else if (rc < 0)
- quit = 1;
+ else if (ok2 && (!ok1 || *state2.op > *state1.op))
+ break;
+
+ /* arrive here when bytes are equal, go round the loop again
+ and compare the next ones. */
}
}
} while (swap);
@@ -549,15 +558,18 @@ static int validate_rrset(time_t now, st
wire_len = to_wire(keyname);
hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
from_wire(keyname);
+
+#define RRBUFLEN 300 /* Most RRs are smaller than this. */
for (i = 0; i < rrsetidx; ++i)
{
- int seg;
- unsigned char *end, *cp;
- u16 len, *dp;
+ int j;
+ struct rdata_state state;
+ u16 len;
+ unsigned char rrbuf[RRBUFLEN];
p = rrset[i];
-
+
if (!extract_name(header, plen, &p, name, 1, 10))
return STAT_BOGUS;
@@ -566,12 +578,11 @@ static int validate_rrset(time_t now, st
/* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
if (labels < name_labels)
{
- int k;
- for (k = name_labels - labels; k != 0; k--)
+ for (j = name_labels - labels; j != 0; j--)
{
while (*name_start != '.' && *name_start != 0)
name_start++;
- if (k != 1 && *name_start == '.')
+ if (j != 1 && *name_start == '.')
name_start++;
}
@@ -592,24 +603,44 @@ static int validate_rrset(time_t now, st
if (!CHECK_LEN(header, p, plen, rdlen))
return STAT_BOGUS;
- end = p + rdlen;
-
- /* canonicalise rdata and calculate length of same, use name buffer as workspace.
- Note that name buffer is twice MAXDNAME long in DNSSEC mode. */
- cp = p;
- dp = rr_desc;
- for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)) != 0; len += seg);
- len += end - cp;
- len = htons(len);
+ /* canonicalise rdata and calculate length of same, use
+ name buffer as workspace for get_rdata. */
+ state.ip = p;
+ state.op = NULL;
+ state.desc = rr_desc;
+ state.buff = name;
+ state.end = p + rdlen;
+
+ for (j = 0; get_rdata(header, plen, &state); j++)
+ if (j < RRBUFLEN)
+ rrbuf[j] = *state.op;
+
+ len = htons((u16)j);
hash->update(ctx, 2, (unsigned char *)&len);
+
+ /* If the RR is shorter than RRBUFLEN (most of them, in practice)
+ then we can just digest it now. If it exceeds RRBUFLEN we have to
+ go back to the start and do it in chunks. */
+ if (j >= RRBUFLEN)
+ {
+ state.ip = p;
+ state.op = NULL;
+ state.desc = rr_desc;
+
+ for (j = 0; get_rdata(header, plen, &state); j++)
+ {
+ rrbuf[j] = *state.op;
+
+ if (j == RRBUFLEN - 1)
+ {
+ hash->update(ctx, RRBUFLEN, rrbuf);
+ j = -1;
+ }
+ }
+ }
- /* Now canonicalise again and digest. */
- cp = p;
- dp = rr_desc;
- while ((seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)))
- hash->update(ctx, seg, (unsigned char *)name);
- if (cp != end)
- hash->update(ctx, end - cp, cp);
+ if (j != 0)
+ hash->update(ctx, j, rrbuf);
}
hash->digest(ctx, hash->digest_size, digest);

106
package/network/services/dnsmasq/patches/0103-Check-destination-of-DNS-UDP-query-replies.patch Normal file
View File

@@ -0,0 +1,106 @@
From 257ac0c5f7732cbc6aa96fdd3b06602234593aca Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 12 Nov 2020 18:49:23 +0000
Subject: Check destination of DNS UDP query replies.
At any time, dnsmasq will have a set of sockets open, bound to
random ports, on which it sends queries to upstream nameservers.
This patch fixes the existing problem that a reply for ANY in-flight
query would be accepted via ANY open port, which increases the
chances of an attacker flooding answers "in the blind" in an
attempt to poison the DNS cache. CERT VU#434904 refers.
---
CHANGELOG | 6 +++++-
src/forward.c | 37 ++++++++++++++++++++++++++++---------
2 files changed, 33 insertions(+), 10 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,8 +2,12 @@
dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
referenced by CERT VU#434904.
+ Be sure to only accept UDP DNS query replies at the address
+ from which the query was originated. This keeps as much entropy
+ in the {query-ID, random-port} tuple as possible, help defeat
+ cache poisoning attacks. Refer: CERT VU#434904.
+
->>>>>>> Fix remote buffer overflow CERT VU#434904
version 2.81
Impove cache behaviour for TCP connections. For ease of
implementaion, dnsmasq has always forked a new process to handle
--- a/src/forward.c
+++ b/src/forward.c
@@ -16,7 +16,7 @@
#include "dnsmasq.h"
-static struct frec *lookup_frec(unsigned short id, void *hash);
+static struct frec *lookup_frec(unsigned short id, int fd, int family, void *hash);
static struct frec *lookup_frec_by_sender(unsigned short id,
union mysockaddr *addr,
void *hash);
@@ -797,7 +797,7 @@ void reply_query(int fd, int family, tim
crc = questions_crc(header, n, daemon->namebuff);
#endif
- if (!(forward = lookup_frec(ntohs(header->id), hash)))
+ if (!(forward = lookup_frec(ntohs(header->id), fd, family, hash)))
return;
#ifdef HAVE_DUMPFILE
@@ -2289,14 +2289,25 @@ struct frec *get_new_frec(time_t now, in
}
/* crc is all-ones if not known. */
-static struct frec *lookup_frec(unsigned short id, void *hash)
+static struct frec *lookup_frec(unsigned short id, int fd, int family, void *hash)
{
struct frec *f;
for(f = daemon->frec_list; f; f = f->next)
if (f->sentto && f->new_id == id &&
(!hash || memcmp(hash, f->hash, HASH_SIZE) == 0))
- return f;
+ {
+ /* sent from random port */
+ if (family == AF_INET && f->rfd4 && f->rfd4->fd == fd)
+ return f;
+
+ if (family == AF_INET6 && f->rfd6 && f->rfd6->fd == fd)
+ return f;
+
+ /* sent to upstream from bound socket. */
+ if (f->sentto->sfd && f->sentto->sfd->fd == fd)
+ return f;
+ }
return NULL;
}
@@ -2357,12 +2368,20 @@ void server_gone(struct server *server)
static unsigned short get_id(void)
{
unsigned short ret = 0;
+ struct frec *f;
- do
- ret = rand16();
- while (lookup_frec(ret, NULL));
-
- return ret;
+ while (1)
+ {
+ ret = rand16();
+
+ /* ensure id is unique. */
+ for (f = daemon->frec_list; f; f = f->next)
+ if (f->sentto && f->new_id == ret)
+ break;
+
+ if (!f)
+ return ret;
+ }
}

581
package/network/services/dnsmasq/patches/0104-Use-SHA-256-to-provide-security-against-DNS-cache-po.patch Normal file
View File

@@ -0,0 +1,581 @@
From 2d765867c597db18be9d876c9c17e2c0fe1953cd Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 12 Nov 2020 22:06:07 +0000
Subject: Use SHA-256 to provide security against DNS cache poisoning.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
---
CHANGELOG | 5 +
Makefile | 3 +-
bld/Android.mk | 2 +-
src/dnsmasq.h | 11 +-
src/dnssec.c | 31 -----
src/forward.c | 43 ++-----
src/hash_questions.c | 281 +++++++++++++++++++++++++++++++++++++++++++
src/rfc1035.c | 49 --------
8 files changed, 301 insertions(+), 124 deletions(-)
create mode 100644 src/hash_questions.c
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,11 @@
in the {query-ID, random-port} tuple as possible, help defeat
cache poisoning attacks. Refer: CERT VU#434904.
+ Use the SHA-256 hash function to verify that DNS answers
+ received are for the questions originally asked. This replaces
+ the slightly insecure SHA-1 (when compiled with DNSSEC) or
+ the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
+
version 2.81
Impove cache behaviour for TCP connections. For ease of
--- a/Makefile
+++ b/Makefile
@@ -77,7 +77,8 @@ objs = cache.o rfc1035.o util.o option.o
helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
domain.o dnssec.o blockdata.o tables.o loop.o inotify.o \
- poll.o rrfilter.o edns0.o arp.o crypto.o dump.o ubus.o metrics.o
+ poll.o rrfilter.o edns0.o arp.o crypto.o dump.o ubus.o \
+ metrics.o hash_questions.o
hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
dns-protocol.h radv-protocol.h ip6addr.h metrics.h
--- a/bld/Android.mk
+++ b/bld/Android.mk
@@ -11,7 +11,7 @@ LOCAL_SRC_FILES := bpf.c cache.c dbus.c
radv.c slaac.c auth.c ipset.c domain.c \
dnssec.c dnssec-openssl.c blockdata.c tables.c \
loop.c inotify.c poll.c rrfilter.c edns0.c arp.c \
- crypto.c dump.c ubus.c
+ crypto.c dump.c ubus.c metrics.c hash_questions.c
LOCAL_MODULE := dnsmasq
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -644,11 +644,7 @@ struct hostsfile {
#define FREC_TEST_PKTSZ 256
#define FREC_HAS_EXTRADATA 512
-#ifdef HAVE_DNSSEC
-#define HASH_SIZE 20 /* SHA-1 digest size */
-#else
-#define HASH_SIZE sizeof(int)
-#endif
+#define HASH_SIZE 32 /* SHA-256 digest size */
struct frec {
union mysockaddr source;
@@ -1199,7 +1195,6 @@ int check_for_bogus_wildcard(struct dns_
struct bogus_addr *baddr, time_t now);
int check_for_ignored_address(struct dns_header *header, size_t qlen, struct bogus_addr *baddr);
int check_for_local_domain(char *name, time_t now);
-unsigned int questions_crc(struct dns_header *header, size_t plen, char *name);
size_t resize_packet(struct dns_header *header, size_t plen,
unsigned char *pheader, size_t hlen);
int add_resource_record(struct dns_header *header, char *limit, int *truncp,
@@ -1227,9 +1222,11 @@ int dnssec_validate_reply(time_t now, st
int check_unsigned, int *neganswer, int *nons);
int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen);
size_t filter_rrsigs(struct dns_header *header, size_t plen);
-unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name);
int setup_timestamp(void);
+/* hash_questions.c */
+unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name);
+
/* crypto.c */
const struct nettle_hash *hash_find(char *name);
int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp);
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -2082,35 +2082,4 @@ size_t dnssec_generate_query(struct dns_
return ret;
}
-unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
-{
- int q;
- unsigned int len;
- unsigned char *p = (unsigned char *)(header+1);
- const struct nettle_hash *hash;
- void *ctx;
- unsigned char *digest;
-
- if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
- return NULL;
-
- for (q = ntohs(header->qdcount); q != 0; q--)
- {
- if (!extract_name(header, plen, &p, name, 1, 4))
- break; /* bad packet */
-
- len = to_wire(name);
- hash->update(ctx, len, (unsigned char *)name);
- /* CRC the class and type as well */
- hash->update(ctx, 4, p);
-
- p += 4;
- if (!CHECK_LEN(header, p, plen, 0))
- break; /* bad packet */
- }
-
- hash->digest(ctx, hash->digest_size, digest);
- return digest;
-}
-
#endif /* HAVE_DNSSEC */
--- a/src/forward.c
+++ b/src/forward.c
@@ -248,19 +248,16 @@ static int forward_query(int udpfd, unio
union all_addr *addrp = NULL;
unsigned int flags = 0;
struct server *start = NULL;
-#ifdef HAVE_DNSSEC
void *hash = hash_questions(header, plen, daemon->namebuff);
+#ifdef HAVE_DNSSEC
int do_dnssec = 0;
-#else
- unsigned int crc = questions_crc(header, plen, daemon->namebuff);
- void *hash = &crc;
#endif
unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
unsigned char *oph = find_pseudoheader(header, plen, NULL, NULL, NULL, NULL);
(void)do_bit;
/* may be no servers available. */
- if (forward || (hash && (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash))))
+ if (forward || (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash)))
{
/* If we didn't get an answer advertising a maximal packet in EDNS,
fall back to 1280, which should work everywhere on IPv6.
@@ -761,9 +758,6 @@ void reply_query(int fd, int family, tim
size_t nn;
struct server *server;
void *hash;
-#ifndef HAVE_DNSSEC
- unsigned int crc;
-#endif
/* packet buffer overwritten */
daemon->srv_save = NULL;
@@ -790,12 +784,7 @@ void reply_query(int fd, int family, tim
if (difftime(now, server->pktsz_reduced) > UDP_TEST_TIME)
server->edns_pktsz = daemon->edns_pktsz;
-#ifdef HAVE_DNSSEC
hash = hash_questions(header, n, daemon->namebuff);
-#else
- hash = &crc;
- crc = questions_crc(header, n, daemon->namebuff);
-#endif
if (!(forward = lookup_frec(ntohs(header->id), fd, family, hash)))
return;
@@ -1100,8 +1089,7 @@ void reply_query(int fd, int family, tim
log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, daemon->keyname, (union all_addr *)&(server->addr.in6.sin6_addr),
querystr("dnssec-query", querytype));
- if ((hash = hash_questions(header, nn, daemon->namebuff)))
- memcpy(new->hash, hash, HASH_SIZE);
+ memcpy(new->hash, hash_questions(header, nn, daemon->namebuff), HASH_SIZE);
new->new_id = get_id();
header->id = htons(new->new_id);
/* Save query for retransmission */
@@ -1937,15 +1925,9 @@ unsigned char *tcp_request(int confd, ti
if (!flags && last_server)
{
struct server *firstsendto = NULL;
-#ifdef HAVE_DNSSEC
- unsigned char *newhash, hash[HASH_SIZE];
- if ((newhash = hash_questions(header, (unsigned int)size, daemon->namebuff)))
- memcpy(hash, newhash, HASH_SIZE);
- else
- memset(hash, 0, HASH_SIZE);
-#else
- unsigned int crc = questions_crc(header, (unsigned int)size, daemon->namebuff);
-#endif
+ unsigned char hash[HASH_SIZE];
+ memcpy(hash, hash_questions(header, (unsigned int)size, daemon->namebuff), HASH_SIZE);
+
/* Loop round available servers until we succeed in connecting to one.
Note that this code subtly ensures that consecutive queries on this connection
which can go to the same server, do so. */
@@ -2068,20 +2050,11 @@ unsigned char *tcp_request(int confd, ti
/* If the crc of the question section doesn't match the crc we sent, then
someone might be attempting to insert bogus values into the cache by
sending replies containing questions and bogus answers. */
-#ifdef HAVE_DNSSEC
- newhash = hash_questions(header, (unsigned int)m, daemon->namebuff);
- if (!newhash || memcmp(hash, newhash, HASH_SIZE) != 0)
+ if (memcmp(hash, hash_questions(header, (unsigned int)m, daemon->namebuff), HASH_SIZE) != 0)
{
m = 0;
break;
}
-#else
- if (crc != questions_crc(header, (unsigned int)m, daemon->namebuff))
- {
- m = 0;
- break;
- }
-#endif
m = process_reply(header, now, last_server, (unsigned int)m,
option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, cache_secure, bogusanswer,
@@ -2295,7 +2268,7 @@ static struct frec *lookup_frec(unsigned
for(f = daemon->frec_list; f; f = f->next)
if (f->sentto && f->new_id == id &&
- (!hash || memcmp(hash, f->hash, HASH_SIZE) == 0))
+ (memcmp(hash, f->hash, HASH_SIZE) == 0))
{
/* sent from random port */
if (family == AF_INET && f->rfd4 && f->rfd4->fd == fd)
--- /dev/null
+++ b/src/hash_questions.c
@@ -0,0 +1,281 @@
+/* Copyright (c) 2012-2020 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991, or
+ (at your option) version 3 dated 29 June, 2007.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+/* Hash the question section. This is used to safely detect query
+ retransmission and to detect answers to questions we didn't ask, which
+ might be poisoning attacks. Note that we decode the name rather
+ than CRC the raw bytes, since replies might be compressed differently.
+ We ignore case in the names for the same reason.
+
+ The hash used is SHA-256. If we're building with DNSSEC support,
+ we use the Nettle cypto library. If not, we prefer not to
+ add a dependency on Nettle, and use a stand-alone implementaion.
+*/
+
+#include "dnsmasq.h"
+
+#ifdef HAVE_DNSSEC
+unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)
+{
+ int q;
+ unsigned char *p = (unsigned char *)(header+1);
+ const struct nettle_hash *hash;
+ void *ctx;
+ unsigned char *digest;
+
+ if (!(hash = hash_find("sha256")) || !hash_init(hash, &ctx, &digest))
+ {
+ /* don't think this can ever happen. */
+ static unsigned char dummy[HASH_SIZE];
+ static int warned = 0;
+
+ if (warned)
+ my_syslog(LOG_ERR, _("Failed to create SHA-256 hash object"));
+ warned = 1;
+
+ return dummy;
+ }
+
+ for (q = ntohs(header->qdcount); q != 0; q--)
+ {
+ char *cp, c;
+
+ if (!extract_name(header, plen, &p, name, 1, 4))
+ break; /* bad packet */
+
+ for (cp = name; (c = *cp); cp++)
+ if (c >= 'A' && c <= 'Z')
+ *cp += 'a' - 'A';
+
+ hash->update(ctx, cp - name, (unsigned char *)name);
+ /* CRC the class and type as well */
+ hash->update(ctx, 4, p);
+
+ p += 4;
+ if (!CHECK_LEN(header, p, plen, 0))
+ break; /* bad packet */
+ }
+
+ hash->digest(ctx, hash->digest_size, digest);
+ return digest;
+}
+
+#else /* HAVE_DNSSEC */
+
+#define SHA256_BLOCK_SIZE 32 // SHA256 outputs a 32 byte digest
+typedef unsigned char BYTE; // 8-bit byte
+typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines
+
+typedef struct {
+ BYTE data[64];
+ WORD datalen;
+ unsigned long long bitlen;
+ WORD state[8];
+} SHA256_CTX;
+
+static void sha256_init(SHA256_CTX *ctx);
+static void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len);
+static void sha256_final(SHA256_CTX *ctx, BYTE hash[]);
+
+
+unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)
+{
+ int q;
+ unsigned char *p = (unsigned char *)(header+1);
+ SHA256_CTX ctx;
+ static BYTE digest[SHA256_BLOCK_SIZE];
+
+ sha256_init(&ctx);
+
+ for (q = ntohs(header->qdcount); q != 0; q--)
+ {
+ char *cp, c;
+
+ if (!extract_name(header, plen, &p, name, 1, 4))
+ break; /* bad packet */
+
+ for (cp = name; (c = *cp); cp++)
+ if (c >= 'A' && c <= 'Z')
+ *cp += 'a' - 'A';
+
+ sha256_update(&ctx, (BYTE *)name, cp - name);
+ /* CRC the class and type as well */
+ sha256_update(&ctx, (BYTE *)p, 4);
+
+ p += 4;
+ if (!CHECK_LEN(header, p, plen, 0))
+ break; /* bad packet */
+ }
+
+ sha256_final(&ctx, digest);
+ return (unsigned char *)digest;
+}
+
+/* Code from here onwards comes from https://github.com/B-Con/crypto-algorithms
+ and was written by Brad Conte (brad@bradconte.com), to whom all credit is given.
+
+ This code is in the public domain, and the copyright notice at the head of this
+ file does not apply to it.
+*/
+
+
+/****************************** MACROS ******************************/
+#define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b))))
+#define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b))))
+
+#define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
+#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22))
+#define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25))
+#define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3))
+#define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10))
+
+/**************************** VARIABLES *****************************/
+static const WORD k[64] = {
+ 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
+ 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
+ 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
+ 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
+ 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
+ 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
+ 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
+ 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+};
+
+/*********************** FUNCTION DEFINITIONS ***********************/
+static void sha256_transform(SHA256_CTX *ctx, const BYTE data[])
+{
+ WORD a, b, c, d, e, f, g, h, i, j, t1, t2, m[64];
+
+ for (i = 0, j = 0; i < 16; ++i, j += 4)
+ m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]);
+ for ( ; i < 64; ++i)
+ m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16];
+
+ a = ctx->state[0];
+ b = ctx->state[1];
+ c = ctx->state[2];
+ d = ctx->state[3];
+ e = ctx->state[4];
+ f = ctx->state[5];
+ g = ctx->state[6];
+ h = ctx->state[7];
+
+ for (i = 0; i < 64; ++i)
+ {
+ t1 = h + EP1(e) + CH(e,f,g) + k[i] + m[i];
+ t2 = EP0(a) + MAJ(a,b,c);
+ h = g;
+ g = f;
+ f = e;
+ e = d + t1;
+ d = c;
+ c = b;
+ b = a;
+ a = t1 + t2;
+ }
+
+ ctx->state[0] += a;
+ ctx->state[1] += b;
+ ctx->state[2] += c;
+ ctx->state[3] += d;
+ ctx->state[4] += e;
+ ctx->state[5] += f;
+ ctx->state[6] += g;
+ ctx->state[7] += h;
+}
+
+static void sha256_init(SHA256_CTX *ctx)
+{
+ ctx->datalen = 0;
+ ctx->bitlen = 0;
+ ctx->state[0] = 0x6a09e667;
+ ctx->state[1] = 0xbb67ae85;
+ ctx->state[2] = 0x3c6ef372;
+ ctx->state[3] = 0xa54ff53a;
+ ctx->state[4] = 0x510e527f;
+ ctx->state[5] = 0x9b05688c;
+ ctx->state[6] = 0x1f83d9ab;
+ ctx->state[7] = 0x5be0cd19;
+}
+
+static void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len)
+{
+ WORD i;
+
+ for (i = 0; i < len; ++i)
+ {
+ ctx->data[ctx->datalen] = data[i];
+ ctx->datalen++;
+ if (ctx->datalen == 64) {
+ sha256_transform(ctx, ctx->data);
+ ctx->bitlen += 512;
+ ctx->datalen = 0;
+ }
+ }
+}
+
+static void sha256_final(SHA256_CTX *ctx, BYTE hash[])
+{
+ WORD i;
+
+ i = ctx->datalen;
+
+ // Pad whatever data is left in the buffer.
+ if (ctx->datalen < 56)
+ {
+ ctx->data[i++] = 0x80;
+ while (i < 56)
+ ctx->data[i++] = 0x00;
+ }
+ else
+ {
+ ctx->data[i++] = 0x80;
+ while (i < 64)
+ ctx->data[i++] = 0x00;
+ sha256_transform(ctx, ctx->data);
+ memset(ctx->data, 0, 56);
+ }
+
+ // Append to the padding the total message's length in bits and transform.
+ ctx->bitlen += ctx->datalen * 8;
+ ctx->data[63] = ctx->bitlen;
+ ctx->data[62] = ctx->bitlen >> 8;
+ ctx->data[61] = ctx->bitlen >> 16;
+ ctx->data[60] = ctx->bitlen >> 24;
+ ctx->data[59] = ctx->bitlen >> 32;
+ ctx->data[58] = ctx->bitlen >> 40;
+ ctx->data[57] = ctx->bitlen >> 48;
+ ctx->data[56] = ctx->bitlen >> 56;
+ sha256_transform(ctx, ctx->data);
+
+ // Since this implementation uses little endian byte ordering and SHA uses big endian,
+ // reverse all the bytes when copying the final state to the output hash.
+ for (i = 0; i < 4; ++i)
+ {
+ hash[i] = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 4] = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 8] = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff;
+ }
+}
+
+#endif
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -333,55 +333,6 @@ unsigned char *skip_section(unsigned cha
return ansp;
}
-/* CRC the question section. This is used to safely detect query
- retransmission and to detect answers to questions we didn't ask, which
- might be poisoning attacks. Note that we decode the name rather
- than CRC the raw bytes, since replies might be compressed differently.
- We ignore case in the names for the same reason. Return all-ones
- if there is not question section. */
-#ifndef HAVE_DNSSEC
-unsigned int questions_crc(struct dns_header *header, size_t plen, char *name)
-{
- int q;
- unsigned int crc = 0xffffffff;
- unsigned char *p1, *p = (unsigned char *)(header+1);
-
- for (q = ntohs(header->qdcount); q != 0; q--)
- {
- if (!extract_name(header, plen, &p, name, 1, 4))
- return crc; /* bad packet */
-
- for (p1 = (unsigned char *)name; *p1; p1++)
- {
- int i = 8;
- char c = *p1;
-
- if (c >= 'A' && c <= 'Z')
- c += 'a' - 'A';
-
- crc ^= c << 24;
- while (i--)
- crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
- }
-
- /* CRC the class and type as well */
- for (p1 = p; p1 < p+4; p1++)
- {
- int i = 8;
- crc ^= *p1 << 24;
- while (i--)
- crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
- }
-
- p += 4;
- if (!CHECK_LEN(header, p, plen, 0))
- return crc; /* bad packet */
- }
-
- return crc;
-}
-#endif
-
size_t resize_packet(struct dns_header *header, size_t plen, unsigned char *pheader, size_t hlen)
{
unsigned char *ansp = skip_questions(header, plen);

122
package/network/services/dnsmasq/patches/0105-Optimse-RR-digest-calculation-in-DNSSEC.patch Normal file
View File

@@ -0,0 +1,122 @@
From 059aded0700309308dafd9720b0313ce52f6e189 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 12 Nov 2020 23:09:15 +0000
Subject: Optimse RR digest calculation in DNSSEC.
If an RR is of a type which doesn't need canonicalisation,
bypass the relatively slow canonicalisation code, and insert
it direct into the digest.
---
src/dnssec.c | 82 +++++++++++++++++++++++++++++++---------------------
1 file changed, 49 insertions(+), 33 deletions(-)
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -559,7 +559,7 @@ static int validate_rrset(time_t now, st
hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
from_wire(keyname);
-#define RRBUFLEN 300 /* Most RRs are smaller than this. */
+#define RRBUFLEN 128 /* Most RRs are smaller than this. */
for (i = 0; i < rrsetidx; ++i)
{
@@ -597,50 +597,66 @@ static int validate_rrset(time_t now, st
hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
hash->update(ctx, 4, p); /* class and type */
hash->update(ctx, 4, (unsigned char *)&nsigttl);
-
- p += 8; /* skip class, type, ttl */
+
+ p += 8; /* skip type, class, ttl */
GETSHORT(rdlen, p);
if (!CHECK_LEN(header, p, plen, rdlen))
return STAT_BOGUS;
-
- /* canonicalise rdata and calculate length of same, use
- name buffer as workspace for get_rdata. */
- state.ip = p;
- state.op = NULL;
- state.desc = rr_desc;
- state.buff = name;
- state.end = p + rdlen;
-
- for (j = 0; get_rdata(header, plen, &state); j++)
- if (j < RRBUFLEN)
- rrbuf[j] = *state.op;
- len = htons((u16)j);
- hash->update(ctx, 2, (unsigned char *)&len);
-
- /* If the RR is shorter than RRBUFLEN (most of them, in practice)
- then we can just digest it now. If it exceeds RRBUFLEN we have to
- go back to the start and do it in chunks. */
- if (j >= RRBUFLEN)
+ /* Optimisation for RR types which need no cannonicalisation.
+ This includes DNSKEY DS NSEC and NSEC3, which are also long, so
+ it saves lots of calls to get_rdata, and avoids the pessimal
+ segmented insertion, even with a small rrbuf[].
+
+ If canonicalisation is not needed, a simple insertion into the hash works.
+ */
+ if (*rr_desc == (u16)-1)
+ {
+ len = htons(rdlen);
+ hash->update(ctx, 2, (unsigned char *)&len);
+ hash->update(ctx, rdlen, p);
+ }
+ else
{
+ /* canonicalise rdata and calculate length of same, use
+ name buffer as workspace for get_rdata. */
state.ip = p;
state.op = NULL;
state.desc = rr_desc;
-
+ state.buff = name;
+ state.end = p + rdlen;
+
for (j = 0; get_rdata(header, plen, &state); j++)
+ if (j < RRBUFLEN)
+ rrbuf[j] = *state.op;
+
+ len = htons((u16)j);
+ hash->update(ctx, 2, (unsigned char *)&len);
+
+ /* If the RR is shorter than RRBUFLEN (most of them, in practice)
+ then we can just digest it now. If it exceeds RRBUFLEN we have to
+ go back to the start and do it in chunks. */
+ if (j >= RRBUFLEN)
{
- rrbuf[j] = *state.op;
-
- if (j == RRBUFLEN - 1)
- {
- hash->update(ctx, RRBUFLEN, rrbuf);
- j = -1;
- }
+ state.ip = p;
+ state.op = NULL;
+ state.desc = rr_desc;
+
+ for (j = 0; get_rdata(header, plen, &state); j++)
+ {
+ rrbuf[j] = *state.op;
+
+ if (j == RRBUFLEN - 1)
+ {
+ hash->update(ctx, RRBUFLEN, rrbuf);
+ j = -1;
+ }
+ }
}
+
+ if (j != 0)
+ hash->update(ctx, j, rrbuf);
}
-
- if (j != 0)
- hash->update(ctx, j, rrbuf);
}
hash->digest(ctx, hash->digest_size, digest);

64
package/network/services/dnsmasq/patches/0107-Add-missing-check-for-NULL-return-from-allocate_rfd.patch Normal file
View File

@@ -0,0 +1,64 @@
From 824461192ca5098043f9ca4ddeba7df1f65b30ba Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sun, 15 Nov 2020 22:13:25 +0000
Subject: Add missing check for NULL return from allocate_rfd().
---
src/forward.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -815,7 +815,6 @@ void reply_query(int fd, int family, tim
int is_sign;
#ifdef HAVE_DNSSEC
- /* For DNSSEC originated queries, just retry the query to the same server. */
if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))
{
struct server *start;
@@ -841,6 +840,8 @@ void reply_query(int fd, int family, tim
}
+ fd = -1;
+
if (start->sfd)
fd = start->sfd->fd;
else
@@ -848,19 +849,21 @@ void reply_query(int fd, int family, tim
if (start->addr.sa.sa_family == AF_INET6)
{
/* may have changed family */
- if (!forward->rfd6)
- forward->rfd6 = allocate_rfd(AF_INET6);
- fd = forward->rfd6->fd;
+ if (forward->rfd6 || (forward->rfd6 = allocate_rfd(AF_INET6)))
+ fd = forward->rfd6->fd;
}
else
{
/* may have changed family */
- if (!forward->rfd4)
- forward->rfd4 = allocate_rfd(AF_INET);
- fd = forward->rfd4->fd;
+ if (forward->rfd4 || (forward->rfd4 = allocate_rfd(AF_INET)))
+ fd = forward->rfd4->fd;
}
}
+ /* Can't get socket. */
+ if (fd == -1)
+ return;
+
while (retry_send(sendto(fd, (char *)header, plen, 0,
&start->addr.sa,
sa_len(&start->addr))));
@@ -2261,7 +2264,6 @@ struct frec *get_new_frec(time_t now, in
return f; /* OK if malloc fails and this is NULL */
}
-/* crc is all-ones if not known. */
static struct frec *lookup_frec(unsigned short id, int fd, int family, void *hash)
{
struct frec *f;

352
package/network/services/dnsmasq/patches/0108-Handle-multiple-identical-near-simultaneous-DNS-quer.patch Normal file
View File

@@ -0,0 +1,352 @@
From 15b60ddf935a531269bb8c68198de012a4967156 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 18 Nov 2020 18:34:55 +0000
Subject: Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded
independently. This is, in theory, inefficent but in practise
not a problem, _except_ that is means that an answer for any
of the forwarded queries will be accepted and cached.
An attacker can send a query multiple times, and for each repeat,
another {port, ID} becomes capable of accepting the answer he is
sending in the blind, to random IDs and ports. The chance of a
succesful attack is therefore multiplied by the number of repeats
of the query. The new behaviour detects repeated queries and
merely stores the clients sending repeats so that when the
first query completes, the answer can be sent to all the
clients who asked. Refer: CERT VU#434904.
---
CHANGELOG | 16 +++++-
src/dnsmasq.h | 19 ++++---
src/forward.c | 142 ++++++++++++++++++++++++++++++++++++++++++--------
3 files changed, 147 insertions(+), 30 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,13 +4,27 @@
Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much entropy
- in the {query-ID, random-port} tuple as possible, help defeat
+ in the {query-ID, random-port} tuple as possible, to help defeat
cache poisoning attacks. Refer: CERT VU#434904.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
+
+ Handle multiple identical near simultaneous DNS queries better.
+ Previously, such queries would all be forwarded
+ independently. This is, in theory, inefficent but in practise
+ not a problem, _except_ that is means that an answer for any
+ of the forwarded queries will be accepted and cached.
+ An attacker can send a query multiple times, and for each repeat,
+ another {port, ID} becomes capable of accepting the answer he is
+ sending in the blind, to random IDs and ports. The chance of a
+ succesful attack is therefore multiplied by the number of repeats
+ of the query. The new behaviour detects repeated queries and
+ merely stores the clients sending repeats so that when the
+ first query completes, the answer can be sent to all the
+ clients who asked. Refer: CERT VU#434904.
version 2.81
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -642,19 +642,24 @@ struct hostsfile {
#define FREC_DO_QUESTION 64
#define FREC_ADDED_PHEADER 128
#define FREC_TEST_PKTSZ 256
-#define FREC_HAS_EXTRADATA 512
+#define FREC_HAS_EXTRADATA 512
+#define FREC_HAS_PHEADER 1024
#define HASH_SIZE 32 /* SHA-256 digest size */
struct frec {
- union mysockaddr source;
- union all_addr dest;
+ struct frec_src {
+ union mysockaddr source;
+ union all_addr dest;
+ unsigned int iface, log_id;
+ unsigned short orig_id;
+ struct frec_src *next;
+ } frec_src;
struct server *sentto; /* NULL means free */
struct randfd *rfd4;
struct randfd *rfd6;
- unsigned int iface;
- unsigned short orig_id, new_id;
- int log_id, fd, forwardall, flags;
+ unsigned short new_id;
+ int fd, forwardall, flags;
time_t time;
unsigned char *hash[HASH_SIZE];
#ifdef HAVE_DNSSEC
@@ -1069,6 +1074,8 @@ extern struct daemon {
int back_to_the_future;
#endif
struct frec *frec_list;
+ struct frec_src *free_frec_src;
+ int frec_src_count;
struct serverfd *sfds;
struct irec *interfaces;
struct listener *listeners;
--- a/src/forward.c
+++ b/src/forward.c
@@ -20,6 +20,8 @@ static struct frec *lookup_frec(unsigned
static struct frec *lookup_frec_by_sender(unsigned short id,
union mysockaddr *addr,
void *hash);
+static struct frec *lookup_frec_by_query(void *hash, unsigned int flags);
+
static unsigned short get_id(void);
static void free_frec(struct frec *f);
@@ -247,6 +249,7 @@ static int forward_query(int udpfd, unio
int type = SERV_DO_DNSSEC, norebind = 0;
union all_addr *addrp = NULL;
unsigned int flags = 0;
+ unsigned int fwd_flags = 0;
struct server *start = NULL;
void *hash = hash_questions(header, plen, daemon->namebuff);
#ifdef HAVE_DNSSEC
@@ -255,7 +258,18 @@ static int forward_query(int udpfd, unio
unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
unsigned char *oph = find_pseudoheader(header, plen, NULL, NULL, NULL, NULL);
(void)do_bit;
-
+
+ if (header->hb4 & HB4_CD)
+ fwd_flags |= FREC_CHECKING_DISABLED;
+ if (ad_reqd)
+ fwd_flags |= FREC_AD_QUESTION;
+ if (oph)
+ fwd_flags |= FREC_HAS_PHEADER;
+#ifdef HAVE_DNSSEC
+ if (do_bit)
+ fwd_flags |= FREC_DO_QUESTION;
+#endif
+
/* may be no servers available. */
if (forward || (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash)))
{
@@ -328,6 +342,39 @@ static int forward_query(int udpfd, unio
}
else
{
+ /* Query from new source, but the same query may be in progress
+ from another source. If so, just add this client to the
+ list that will get the reply.
+
+ Note that is the EDNS client subnet option is in use, we can't do this,
+ as the clients (and therefore query EDNS options) will be different
+ for each query. The EDNS subnet code has checks to avoid
+ attacks in this case. */
+ if (!option_bool(OPT_CLIENT_SUBNET) && (forward = lookup_frec_by_query(hash, fwd_flags)))
+ {
+ /* Note whine_malloc() zeros memory. */
+ if (!daemon->free_frec_src &&
+ daemon->frec_src_count < daemon->ftabsize &&
+ (daemon->free_frec_src = whine_malloc(sizeof(struct frec_src))))
+ daemon->frec_src_count++;
+
+ /* If we've been spammed with many duplicates, just drop the query. */
+ if (daemon->free_frec_src)
+ {
+ struct frec_src *new = daemon->free_frec_src;
+ daemon->free_frec_src = new->next;
+ new->next = forward->frec_src.next;
+ forward->frec_src.next = new;
+ new->orig_id = ntohs(header->id);
+ new->source = *udpaddr;
+ new->dest = *dst_addr;
+ new->log_id = daemon->log_id;
+ new->iface = dst_iface;
+ }
+
+ return 1;
+ }
+
if (gotname)
flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain, &norebind);
@@ -335,22 +382,22 @@ static int forward_query(int udpfd, unio
do_dnssec = type & SERV_DO_DNSSEC;
#endif
type &= ~SERV_DO_DNSSEC;
-
+
if (daemon->servers && !flags)
forward = get_new_frec(now, NULL, 0);
/* table full - flags == 0, return REFUSED */
if (forward)
{
- forward->source = *udpaddr;
- forward->dest = *dst_addr;
- forward->iface = dst_iface;
- forward->orig_id = ntohs(header->id);
+ forward->frec_src.source = *udpaddr;
+ forward->frec_src.orig_id = ntohs(header->id);
+ forward->frec_src.dest = *dst_addr;
+ forward->frec_src.iface = dst_iface;
forward->new_id = get_id();
forward->fd = udpfd;
memcpy(forward->hash, hash, HASH_SIZE);
forward->forwardall = 0;
- forward->flags = 0;
+ forward->flags = fwd_flags;
if (norebind)
forward->flags |= FREC_NOREBIND;
if (header->hb4 & HB4_CD)
@@ -405,9 +452,9 @@ static int forward_query(int udpfd, unio
unsigned char *pheader;
/* If a query is retried, use the log_id for the retry when logging the answer. */
- forward->log_id = daemon->log_id;
+ forward->frec_src.log_id = daemon->log_id;
- plen = add_edns0_config(header, plen, ((unsigned char *)header) + PACKETSZ, &forward->source, now, &subnet);
+ plen = add_edns0_config(header, plen, ((unsigned char *)header) + PACKETSZ, &forward->frec_src.source, now, &subnet);
if (subnet)
forward->flags |= FREC_HAS_SUBNET;
@@ -544,7 +591,7 @@ static int forward_query(int udpfd, unio
return 1;
/* could not send on, prepare to return */
- header->id = htons(forward->orig_id);
+ header->id = htons(forward->frec_src.orig_id);
free_frec(forward); /* cancel */
}
@@ -796,8 +843,8 @@ void reply_query(int fd, int family, tim
/* log_query gets called indirectly all over the place, so
pass these in global variables - sorry. */
- daemon->log_display_id = forward->log_id;
- daemon->log_source_addr = &forward->source;
+ daemon->log_display_id = forward->frec_src.log_id;
+ daemon->log_source_addr = &forward->frec_src.source;
if (daemon->ignore_addr && RCODE(header) == NOERROR &&
check_for_ignored_address(header, n, daemon->ignore_addr))
@@ -1065,6 +1112,7 @@ void reply_query(int fd, int family, tim
new->sentto = server;
new->rfd4 = NULL;
new->rfd6 = NULL;
+ new->frec_src.next = NULL;
new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_HAS_EXTRADATA);
new->forwardall = 0;
@@ -1199,9 +1247,11 @@ void reply_query(int fd, int family, tim
if ((nn = process_reply(header, now, forward->sentto, (size_t)n, check_rebind, no_cache_dnssec, cache_secure, bogusanswer,
forward->flags & FREC_AD_QUESTION, forward->flags & FREC_DO_QUESTION,
- forward->flags & FREC_ADDED_PHEADER, forward->flags & FREC_HAS_SUBNET, &forward->source)))
+ forward->flags & FREC_ADDED_PHEADER, forward->flags & FREC_HAS_SUBNET, &forward->frec_src.source)))
{
- header->id = htons(forward->orig_id);
+ struct frec_src *src;
+
+ header->id = htons(forward->frec_src.orig_id);
header->hb4 |= HB4_RA; /* recursion if available */
#ifdef HAVE_DNSSEC
/* We added an EDNSO header for the purpose of getting DNSSEC RRs, and set the value of the UDP payload size
@@ -1217,13 +1267,26 @@ void reply_query(int fd, int family, tim
}
#endif
+ for (src = &forward->frec_src; src; src = src->next)
+ {
+ header->id = htons(src->orig_id);
+
#ifdef HAVE_DUMPFILE
- dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &forward->source);
+ dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &src->source);
#endif
-
- send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn,
- &forward->source, &forward->dest, forward->iface);
+
+ send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn,
+ &src->source, &src->dest, src->iface);
+
+ if (option_bool(OPT_EXTRALOG) && src != &forward->frec_src)
+ {
+ daemon->log_display_id = src->log_id;
+ daemon->log_source_addr = &src->source;
+ log_query(F_UPSTREAM, "query", NULL, "duplicate");
+ }
+ }
}
+
free_frec(forward); /* cancel */
}
}
@@ -2153,6 +2216,17 @@ void free_rfd(struct randfd *rfd)
static void free_frec(struct frec *f)
{
+ struct frec_src *src, *tmp;
+
+ /* add back to freelist of not the record builtin to every frec. */
+ for (src = f->frec_src.next; src; src = tmp)
+ {
+ tmp = src->next;
+ src->next = daemon->free_frec_src;
+ daemon->free_frec_src = src;
+ }
+
+ f->frec_src.next = NULL;
free_rfd(f->rfd4);
f->rfd4 = NULL;
f->sentto = NULL;
@@ -2292,17 +2366,39 @@ static struct frec *lookup_frec_by_sende
void *hash)
{
struct frec *f;
+ struct frec_src *src;
+
+ for (f = daemon->frec_list; f; f = f->next)
+ if (f->sentto &&
+ !(f->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) &&
+ memcmp(hash, f->hash, HASH_SIZE) == 0)
+ for (src = &f->frec_src; src; src = src->next)
+ if (src->orig_id == id &&
+ sockaddr_isequal(&src->source, addr))
+ return f;
+
+ return NULL;
+}
+
+static struct frec *lookup_frec_by_query(void *hash, unsigned int flags)
+{
+ struct frec *f;
+
+ /* FREC_DNSKEY and FREC_DS_QUERY are never set in flags, so the test below
+ ensures that no frec created for internal DNSSEC query can be returned here. */
+
+#define FLAGMASK (FREC_CHECKING_DISABLED | FREC_AD_QUESTION | FREC_DO_QUESTION \
+ | FREC_HAS_PHEADER | FREC_DNSKEY_QUERY | FREC_DS_QUERY)
for(f = daemon->frec_list; f; f = f->next)
if (f->sentto &&
- f->orig_id == id &&
- memcmp(hash, f->hash, HASH_SIZE) == 0 &&
- sockaddr_isequal(&f->source, addr))
+ (f->flags & FLAGMASK) == flags &&
+ memcmp(hash, f->hash, HASH_SIZE) == 0)
return f;
-
+
return NULL;
}
-
+
/* Send query packet again, if we can. */
void resend_query()
{

350
package/network/services/dnsmasq/patches/0109-Handle-caching-with-EDNS-options-better.patch Normal file
View File

@@ -0,0 +1,350 @@
From 25e63f1e56f5acdcf91893a1b92ad1e0f2f552d8 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 25 Nov 2020 21:17:52 +0000
Subject: Handle caching with EDNS options better.
If we add the EDNS client subnet option, or the client's
MAC address, then the reply we get back may very depending on
that. Since the cache is ignorant of such things, it's not safe to
cache such replies. This patch determines when a dangerous EDNS
option is being added and disables caching.
Note that for much the same reason, we can't combine multiple
queries for the same question when dangerous EDNS options are
being added, and the code now handles that in the same way. This
query combining is required for security against cache poisoning,
so disabling the cache has a security function as well as a
correctness one.
---
man/dnsmasq.8 | 4 +--
src/dnsmasq.h | 3 ++-
src/edns0.c | 75 ++++++++++++++++++++++++++++++++-------------------
src/forward.c | 41 ++++++++++++++++++----------
4 files changed, 78 insertions(+), 45 deletions(-)
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -690,8 +690,8 @@ still marks the request so that no upstr
address information either. The default is zero for both IPv4 and
IPv6. Note that upstream nameservers may be configured to return
different results based on this information, but the dnsmasq cache
-does not take account. If a dnsmasq instance is configured such that
-different results may be encountered, caching should be disabled.
+does not take account. Caching is therefore disabled for such replies,
+unless the subnet address being added is constant.
For example,
.B --add-subnet=24,96
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -644,6 +644,7 @@ struct hostsfile {
#define FREC_TEST_PKTSZ 256
#define FREC_HAS_EXTRADATA 512
#define FREC_HAS_PHEADER 1024
+#define FREC_NO_CACHE 2048
#define HASH_SIZE 32 /* SHA-256 digest size */
@@ -1628,7 +1629,7 @@ size_t add_pseudoheader(struct dns_heade
unsigned short udp_sz, int optno, unsigned char *opt, size_t optlen, int set_do, int replace);
size_t add_do_bit(struct dns_header *header, size_t plen, unsigned char *limit);
size_t add_edns0_config(struct dns_header *header, size_t plen, unsigned char *limit,
- union mysockaddr *source, time_t now, int *check_subnet);
+ union mysockaddr *source, time_t now, int *check_subnet, int *cacheable);
int check_source(struct dns_header *header, size_t plen, unsigned char *pseudoheader, union mysockaddr *peer);
/* arp.c */
--- a/src/edns0.c
+++ b/src/edns0.c
@@ -264,7 +264,8 @@ static void encoder(unsigned char *in, c
out[3] = char64(in[2]);
}
-static size_t add_dns_client(struct dns_header *header, size_t plen, unsigned char *limit, union mysockaddr *l3, time_t now)
+static size_t add_dns_client(struct dns_header *header, size_t plen, unsigned char *limit,
+ union mysockaddr *l3, time_t now, int *cacheablep)
{
int maclen, replace = 2; /* can't get mac address, just delete any incoming. */
unsigned char mac[DHCP_CHADDR_MAX];
@@ -273,6 +274,7 @@ static size_t add_dns_client(struct dns_
if ((maclen = find_mac(l3, mac, 1, now)) == 6)
{
replace = 1;
+ *cacheablep = 0;
if (option_bool(OPT_MAC_HEX))
print_mac(encode, mac, maclen);
@@ -288,14 +290,18 @@ static size_t add_dns_client(struct dns_
}
-static size_t add_mac(struct dns_header *header, size_t plen, unsigned char *limit, union mysockaddr *l3, time_t now)
+static size_t add_mac(struct dns_header *header, size_t plen, unsigned char *limit,
+ union mysockaddr *l3, time_t now, int *cacheablep)
{
int maclen;
unsigned char mac[DHCP_CHADDR_MAX];
if ((maclen = find_mac(l3, mac, 1, now)) != 0)
- plen = add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_MAC, mac, maclen, 0, 0);
-
+ {
+ *cacheablep = 0;
+ plen = add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_MAC, mac, maclen, 0, 0);
+ }
+
return plen;
}
@@ -313,17 +319,18 @@ static void *get_addrp(union mysockaddr
return &addr->in.sin_addr;
}
-static size_t calc_subnet_opt(struct subnet_opt *opt, union mysockaddr *source)
+static size_t calc_subnet_opt(struct subnet_opt *opt, union mysockaddr *source, int *cacheablep)
{
/* http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-02 */
int len;
void *addrp = NULL;
int sa_family = source->sa.sa_family;
-
+ int cacheable = 0;
+
opt->source_netmask = 0;
opt->scope_netmask = 0;
-
+
if (source->sa.sa_family == AF_INET6 && daemon->add_subnet6)
{
opt->source_netmask = daemon->add_subnet6->mask;
@@ -331,6 +338,7 @@ static size_t calc_subnet_opt(struct sub
{
sa_family = daemon->add_subnet6->addr.sa.sa_family;
addrp = get_addrp(&daemon->add_subnet6->addr, sa_family);
+ cacheable = 1;
}
else
addrp = &source->in6.sin6_addr;
@@ -343,6 +351,7 @@ static size_t calc_subnet_opt(struct sub
{
sa_family = daemon->add_subnet4->addr.sa.sa_family;
addrp = get_addrp(&daemon->add_subnet4->addr, sa_family);
+ cacheable = 1; /* Address is constant */
}
else
addrp = &source->in.sin_addr;
@@ -350,8 +359,6 @@ static size_t calc_subnet_opt(struct sub
opt->family = htons(sa_family == AF_INET6 ? 2 : 1);
- len = 0;
-
if (addrp && opt->source_netmask != 0)
{
len = ((opt->source_netmask - 1) >> 3) + 1;
@@ -359,18 +366,26 @@ static size_t calc_subnet_opt(struct sub
if (opt->source_netmask & 7)
opt->addr[len-1] &= 0xff << (8 - (opt->source_netmask & 7));
}
+ else
+ {
+ cacheable = 1; /* No address ever supplied. */
+ len = 0;
+ }
+
+ if (cacheablep)
+ *cacheablep = cacheable;
return len + 4;
}
-static size_t add_source_addr(struct dns_header *header, size_t plen, unsigned char *limit, union mysockaddr *source)
+static size_t add_source_addr(struct dns_header *header, size_t plen, unsigned char *limit, union mysockaddr *source, int *cacheable)
{
/* http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-02 */
int len;
struct subnet_opt opt;
- len = calc_subnet_opt(&opt, source);
+ len = calc_subnet_opt(&opt, source, cacheable);
return add_pseudoheader(header, plen, (unsigned char *)limit, PACKETSZ, EDNS0_OPTION_CLIENT_SUBNET, (unsigned char *)&opt, len, 0, 0);
}
@@ -383,18 +398,18 @@ int check_source(struct dns_header *head
unsigned char *p;
int code, i, rdlen;
- calc_len = calc_subnet_opt(&opt, peer);
-
- if (!(p = skip_name(pseudoheader, header, plen, 10)))
- return 1;
-
- p += 8; /* skip UDP length and RCODE */
+ calc_len = calc_subnet_opt(&opt, peer, NULL);
- GETSHORT(rdlen, p);
- if (!CHECK_LEN(header, p, plen, rdlen))
- return 1; /* bad packet */
-
- /* check if option there */
+ if (!(p = skip_name(pseudoheader, header, plen, 10)))
+ return 1;
+
+ p += 8; /* skip UDP length and RCODE */
+
+ GETSHORT(rdlen, p);
+ if (!CHECK_LEN(header, p, plen, rdlen))
+ return 1; /* bad packet */
+
+ /* check if option there */
for (i = 0; i + 4 < rdlen; i += len + 4)
{
GETSHORT(code, p);
@@ -412,24 +427,28 @@ int check_source(struct dns_header *head
return 1;
}
+/* Set *check_subnet if we add a client subnet option, which needs to checked
+ in the reply. Set *cacheable to zero if we add an option which the answer
+ may depend on. */
size_t add_edns0_config(struct dns_header *header, size_t plen, unsigned char *limit,
- union mysockaddr *source, time_t now, int *check_subnet)
+ union mysockaddr *source, time_t now, int *check_subnet, int *cacheable)
{
*check_subnet = 0;
-
+ *cacheable = 1;
+
if (option_bool(OPT_ADD_MAC))
- plen = add_mac(header, plen, limit, source, now);
+ plen = add_mac(header, plen, limit, source, now, cacheable);
if (option_bool(OPT_MAC_B64) || option_bool(OPT_MAC_HEX))
- plen = add_dns_client(header, plen, limit, source, now);
-
+ plen = add_dns_client(header, plen, limit, source, now, cacheable);
+
if (daemon->dns_client_id)
plen = add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_NOMCPEID,
(unsigned char *)daemon->dns_client_id, strlen(daemon->dns_client_id), 0, 1);
if (option_bool(OPT_CLIENT_SUBNET))
{
- plen = add_source_addr(header, plen, limit, source);
+ plen = add_source_addr(header, plen, limit, source, cacheable);
*check_subnet = 1;
}
--- a/src/forward.c
+++ b/src/forward.c
@@ -344,13 +344,10 @@ static int forward_query(int udpfd, unio
{
/* Query from new source, but the same query may be in progress
from another source. If so, just add this client to the
- list that will get the reply.
+ list that will get the reply.*/
- Note that is the EDNS client subnet option is in use, we can't do this,
- as the clients (and therefore query EDNS options) will be different
- for each query. The EDNS subnet code has checks to avoid
- attacks in this case. */
- if (!option_bool(OPT_CLIENT_SUBNET) && (forward = lookup_frec_by_query(hash, fwd_flags)))
+ if (!option_bool(OPT_ADD_MAC) && !option_bool(OPT_MAC_B64) &&
+ (forward = lookup_frec_by_query(hash, fwd_flags)))
{
/* Note whine_malloc() zeros memory. */
if (!daemon->free_frec_src &&
@@ -447,18 +444,21 @@ static int forward_query(int udpfd, unio
if (!flags && forward)
{
struct server *firstsentto = start;
- int subnet, forwarded = 0;
+ int subnet, cacheable, forwarded = 0;
size_t edns0_len;
unsigned char *pheader;
/* If a query is retried, use the log_id for the retry when logging the answer. */
forward->frec_src.log_id = daemon->log_id;
- plen = add_edns0_config(header, plen, ((unsigned char *)header) + PACKETSZ, &forward->frec_src.source, now, &subnet);
+ plen = add_edns0_config(header, plen, ((unsigned char *)header) + PACKETSZ, &forward->frec_src.source, now, &subnet, &cacheable);
if (subnet)
forward->flags |= FREC_HAS_SUBNET;
-
+
+ if (!cacheable)
+ forward->flags |= FREC_NO_CACHE;
+
#ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID) && do_dnssec)
{
@@ -642,7 +642,7 @@ static size_t process_reply(struct dns_h
}
}
#endif
-
+
if ((pheader = find_pseudoheader(header, n, &plen, &sizep, &is_sign, NULL)))
{
/* Get extended RCODE. */
@@ -1244,6 +1244,11 @@ void reply_query(int fd, int family, tim
header->hb4 |= HB4_CD;
else
header->hb4 &= ~HB4_CD;
+
+ /* Never cache answers which are contingent on the source or MAC address EDSN0 option,
+ since the cache is ignorant of such things. */
+ if (forward->flags & FREC_NO_CACHE)
+ no_cache_dnssec = 1;
if ((nn = process_reply(header, now, forward->sentto, (size_t)n, check_rebind, no_cache_dnssec, cache_secure, bogusanswer,
forward->flags & FREC_AD_QUESTION, forward->flags & FREC_DO_QUESTION,
@@ -1788,7 +1793,7 @@ unsigned char *tcp_request(int confd, ti
int local_auth = 0;
#endif
int checking_disabled, do_bit, added_pheader = 0, have_pseudoheader = 0;
- int check_subnet, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
+ int check_subnet, cacheable, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
size_t m;
unsigned short qtype;
unsigned int gotname;
@@ -1959,7 +1964,7 @@ unsigned char *tcp_request(int confd, ti
char *domain = NULL;
unsigned char *oph = find_pseudoheader(header, size, NULL, NULL, NULL, NULL);
- size = add_edns0_config(header, size, ((unsigned char *) header) + 65536, &peer_addr, now, &check_subnet);
+ size = add_edns0_config(header, size, ((unsigned char *) header) + 65536, &peer_addr, now, &check_subnet, &cacheable);
if (gotname)
flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain, &norebind);
@@ -2122,6 +2127,11 @@ unsigned char *tcp_request(int confd, ti
break;
}
+ /* Never cache answers which are contingent on the source or MAC address EDSN0 option,
+ since the cache is ignorant of such things. */
+ if (!cacheable)
+ no_cache_dnssec = 1;
+
m = process_reply(header, now, last_server, (unsigned int)m,
option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, cache_secure, bogusanswer,
ad_reqd, do_bit, added_pheader, check_subnet, &peer_addr);
@@ -2385,10 +2395,13 @@ static struct frec *lookup_frec_by_query
struct frec *f;
/* FREC_DNSKEY and FREC_DS_QUERY are never set in flags, so the test below
- ensures that no frec created for internal DNSSEC query can be returned here. */
+ ensures that no frec created for internal DNSSEC query can be returned here.
+
+ Similarly FREC_NO_CACHE is never set in flags, so a query which is
+ contigent on a particular source address EDNS0 option will never be matched. */
#define FLAGMASK (FREC_CHECKING_DISABLED | FREC_AD_QUESTION | FREC_DO_QUESTION \
- | FREC_HAS_PHEADER | FREC_DNSKEY_QUERY | FREC_DS_QUERY)
+ | FREC_HAS_PHEADER | FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_NO_CACHE)
for(f = daemon->frec_list; f; f = f->next)
if (f->sentto &&

181
package/network/services/dnsmasq/patches/0110-Support-hash-function-from-nettle-only.patch Normal file
View File

@@ -0,0 +1,181 @@
From 2024f9729713fd657d65e64c2e4e471baa0a3e5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 25 Nov 2020 17:18:55 +0100
Subject: Support hash function from nettle (only)
Unlike COPTS=-DHAVE_DNSSEC, allow usage of just sha256 function from
nettle, but keep DNSSEC disabled at build time. Skips use of internal
hash implementation without support for validation built-in.
---
Makefile | 8 +++++---
bld/pkg-wrapper | 41 ++++++++++++++++++++++-------------------
src/config.h | 8 ++++++++
src/crypto.c | 7 +++++++
src/dnsmasq.h | 2 +-
src/hash_questions.c | 2 +-
6 files changed, 44 insertions(+), 24 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -53,7 +53,7 @@ top?=$(CURDIR)
dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1`
dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1`
-ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy -lubox -lubus`
+ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy '-lubox -lubus'`
idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn`
idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn`
idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2`
@@ -62,8 +62,10 @@ ct_cflags = `echo $(COPTS) | $(top)/
ct_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2`
lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2`
-nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
-nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
+nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags 'nettle hogweed' \
+ HAVE_NETTLEHASH $(PKG_CONFIG) --cflags nettle`
+nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs 'nettle hogweed' \
+ HAVE_NETTLEHASH $(PKG_CONFIG) --libs nettle`
gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
--- a/bld/pkg-wrapper
+++ b/bld/pkg-wrapper
@@ -1,35 +1,37 @@
#!/bin/sh
-search=$1
-shift
-pkg=$1
-shift
-op=$1
-shift
-
in=`cat`
-if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
- echo $in | grep $search >/dev/null 2>&1; then
+search()
+{
+ grep "^\#[[:space:]]*define[[:space:]]*$1" config.h >/dev/null 2>&1 || \
+ echo $in | grep $1 >/dev/null 2>&1
+}
+
+while [ "$#" -gt 0 ]; do
+ search=$1
+ pkg=$2
+ op=$3
+ lib=$4
+ shift 4
+if search "$search"; then
+
# Nasty, nasty, in --copy, arg 2 (if non-empty) is another config to search for, used with NO_GMP
if [ $op = "--copy" ]; then
if [ -z "$pkg" ]; then
- pkg="$*"
- elif grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
- echo $in | grep $pkg >/dev/null 2>&1; then
+ pkg="$lib"
+ elif search "$pkg"; then
pkg=""
else
- pkg="$*"
+ pkg="$lib"
fi
- elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
- pkg=`$pkg --static $op $*`
+ elif search "${search}_STATIC"; then
+ pkg=`$pkg --static $op $lib`
else
- pkg=`$pkg $op $*`
+ pkg=`$pkg $op $lib`
fi
- if grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
+ if search "${search}_STATIC"; then
if [ $op = "--libs" ] || [ $op = "--copy" ]; then
echo "-Wl,-Bstatic $pkg -Wl,-Bdynamic"
else
@@ -40,3 +42,4 @@ if grep "^\#[[:space:]]*define[[:space:]
fi
fi
+done
--- a/src/config.h
+++ b/src/config.h
@@ -117,6 +117,9 @@ HAVE_AUTH
define this to include the facility to act as an authoritative DNS
server for one or more zones.
+HAVE_NETTLEHASH
+ include just hash function from nettle, but no DNSSEC.
+
HAVE_DNSSEC
include DNSSEC validator.
@@ -184,6 +187,7 @@ RESOLVFILE
/* #define HAVE_IDN */
/* #define HAVE_LIBIDN2 */
/* #define HAVE_CONNTRACK */
+/* #define HAVE_NETTLEHASH */
/* #define HAVE_DNSSEC */
@@ -408,6 +412,10 @@ static char *compile_opts =
"no-"
#endif
"auth "
+#if !defined(HAVE_NETTLEHASH) && !defined(HAVE_DNSSEC)
+"no-"
+#endif
+"nettlehash "
#ifndef HAVE_DNSSEC
"no-"
#endif
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -23,6 +23,9 @@
#include <nettle/ecdsa.h>
#include <nettle/ecc-curve.h>
#include <nettle/eddsa.h>
+#endif
+
+#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
#include <nettle/nettle-meta.h>
#include <nettle/bignum.h>
@@ -165,6 +168,10 @@ int hash_init(const struct nettle_hash *
return 1;
}
+
+#endif
+
+#ifdef HAVE_DNSSEC
static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo)
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -150,7 +150,7 @@ extern int capget(cap_user_header_t head
#include <priv.h>
#endif
-#ifdef HAVE_DNSSEC
+#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
# include <nettle/nettle-meta.h>
#endif
--- a/src/hash_questions.c
+++ b/src/hash_questions.c
@@ -28,7 +28,7 @@
#include "dnsmasq.h"
-#ifdef HAVE_DNSSEC
+#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)
{
int q;

56
package/network/services/dnsmasq/patches/0111-Small-cleanups-in-frec_src-datastucture-handling.patch Normal file
View File

@@ -0,0 +1,56 @@
From 6a6e06fbb0d4690507ceaf2bb6f0d8910f3d4914 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 4 Dec 2020 18:35:11 +0000
Subject: Small cleanups in frec_src datastucture handling.
---
src/forward.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -353,7 +353,10 @@ static int forward_query(int udpfd, unio
if (!daemon->free_frec_src &&
daemon->frec_src_count < daemon->ftabsize &&
(daemon->free_frec_src = whine_malloc(sizeof(struct frec_src))))
- daemon->frec_src_count++;
+ {
+ daemon->frec_src_count++;
+ daemon->free_frec_src->next = NULL;
+ }
/* If we've been spammed with many duplicates, just drop the query. */
if (daemon->free_frec_src)
@@ -390,6 +393,7 @@ static int forward_query(int udpfd, unio
forward->frec_src.orig_id = ntohs(header->id);
forward->frec_src.dest = *dst_addr;
forward->frec_src.iface = dst_iface;
+ forward->frec_src.next = NULL;
forward->new_id = get_id();
forward->fd = udpfd;
memcpy(forward->hash, hash, HASH_SIZE);
@@ -2226,16 +2230,16 @@ void free_rfd(struct randfd *rfd)
static void free_frec(struct frec *f)
{
- struct frec_src *src, *tmp;
-
- /* add back to freelist of not the record builtin to every frec. */
- for (src = f->frec_src.next; src; src = tmp)
+ struct frec_src *last;
+
+ /* add back to freelist if not the record builtin to every frec. */
+ for (last = f->frec_src.next; last && last->next; last = last->next) ;
+ if (last)
{
- tmp = src->next;
- src->next = daemon->free_frec_src;
- daemon->free_frec_src = src;
+ last->next = daemon->free_frec_src;
+ daemon->free_frec_src = f->frec_src.next;
}
-
+
f->frec_src.next = NULL;
free_rfd(f->rfd4);
f->rfd4 = NULL;

41
package/network/services/dnsmasq/patches/0112-Add-CVE-numbers-to-security-update-descriptions-in-C.patch Normal file
View File

@@ -0,0 +1,41 @@
From e01e09c7125b40646aff4a582672e711a18a69a4 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 8 Jan 2021 22:50:03 +0000
Subject: Add CVE numbers to security update descriptions in CHANGELOG
---
CHANGELOG | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,16 +1,17 @@
Fix a remote buffer overflow problem in the DNSSEC code. Any
dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
- referenced by CERT VU#434904.
+ referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683
+ CVE-2020-25687.
Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much entropy
in the {query-ID, random-port} tuple as possible, to help defeat
- cache poisoning attacks. Refer: CERT VU#434904.
+ cache poisoning attacks. Refer: CVE-2020-25684.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
- the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
+ the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.
Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded
@@ -24,7 +25,7 @@
of the query. The new behaviour detects repeated queries and
merely stores the clients sending repeats so that when the
first query completes, the answer can be sent to all the
- clients who asked. Refer: CERT VU#434904.
+ clients who asked. Refer: CVE-2020-25686.
version 2.81

20
package/network/services/dnsmasq/patches/0113-Fix-warning-message-logic.patch Normal file
View File

@@ -0,0 +1,20 @@
From 503f68dbc437df20a45aab440e6fad92062af229 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 15 Jan 2021 21:53:29 +0000
Subject: Fix warning message logic.
---
src/hash_questions.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/hash_questions.c
+++ b/src/hash_questions.c
@@ -43,7 +43,7 @@ unsigned char *hash_questions(struct dns
static unsigned char dummy[HASH_SIZE];
static int warned = 0;
- if (warned)
+ if (!warned)
my_syslog(LOG_ERR, _("Failed to create SHA-256 hash object"));
warned = 1;

29
package/network/services/dnsmasq/patches/0115-Update-to-new-struct-frec-fields-in-conntrack-code.patch Normal file
View File

@@ -0,0 +1,29 @@
From cc0b4489c782f6b90ca118abb18e716a7a831289 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 15 Jan 2021 22:21:52 +0000
Subject: Update to new struct frec fields in conntrack code.
---
src/forward.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -530,7 +530,7 @@ static int forward_query(int udpfd, unio
if (option_bool(OPT_CONNTRACK))
{
unsigned int mark;
- if (get_incoming_mark(&forward->source, &forward->dest, 0, &mark))
+ if (get_incoming_mark(&forward->frec_src.source, &forward->frec_src.dest, 0, &mark))
setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
}
#endif
@@ -1178,7 +1178,7 @@ void reply_query(int fd, int family, tim
if (option_bool(OPT_CONNTRACK))
{
unsigned int mark;
- if (get_incoming_mark(&orig->source, &orig->dest, 0, &mark))
+ if (get_incoming_mark(&orig->frec_src.source, &orig->frec_src.dest, 0, &mark))
setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
}
#endif

4
package/network/services/dnsmasq/patches/050-crypto-use-nettle-ecc_curve-access-functions.patch
View File

@@ -15,7 +15,7 @@ Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -294,7 +294,7 @@ static int dnsmasq_ecdsa_verify(struct b
@@ -301,7 +301,7 @@ static int dnsmasq_ecdsa_verify(struct b
if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
return 0;
@@ -24,7 +24,7 @@ Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
}
key = key_256;
@@ -307,7 +307,7 @@ static int dnsmasq_ecdsa_verify(struct b
@@ -314,7 +314,7 @@ static int dnsmasq_ecdsa_verify(struct b
if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
return 0;

1
scripts/json_add_image_info.py
View File

@@ -37,6 +37,7 @@ image_info = {
"images": [
{
"type": getenv("IMAGE_TYPE"),
"filesystem": getenv("IMAGE_FILESYSTEM"),
"name": getenv("IMAGE_NAME"),
"sha256": image_hash,
}

2
target/linux/ar71xx/patches-4.14/821-serial-core-add-support-for-boot-console-with-arbitr.patch
View File

@@ -30,7 +30,7 @@ Signed-off-by: Sungbo Eo <mans0n@gorani.run>
uport->cons->cflag = 0;
}
/*
@@ -2072,8 +2074,10 @@ uart_set_options(struct uart_port *port,
@@ -2076,8 +2078,10 @@ uart_set_options(struct uart_port *port,
* Allow the setting of the UART parameters with a NULL console
* too:
*/

4
target/linux/ar71xx/patches-4.14/910-unaligned_access_hacks.patch
View File

@@ -598,7 +598,7 @@
#include <net/if_inet6.h>
--- a/include/net/inet_ecn.h
+++ b/include/net/inet_ecn.h
@@ -125,9 +125,9 @@ static inline int IP6_ECN_set_ce(struct
@@ -126,9 +126,9 @@ static inline int IP6_ECN_set_ce(struct
if (INET_ECN_is_not_ect(ipv6_get_dsfield(iph)))
return 0;
@@ -610,7 +610,7 @@
if (skb->ip_summed == CHECKSUM_COMPLETE)
skb->csum = csum_add(csum_sub(skb->csum, (__force __wsum)from),
(__force __wsum)to);
@@ -136,7 +136,7 @@ static inline int IP6_ECN_set_ce(struct
@@ -137,7 +137,7 @@ static inline int IP6_ECN_set_ce(struct
static inline void IP6_ECN_clear(struct ipv6hdr *iph)
{

2
target/linux/ath25/patches-4.14/130-watchdog.patch
View File

@@ -212,7 +212,7 @@
+MODULE_ALIAS("platform:" DRIVER_NAME);
--- a/drivers/watchdog/Kconfig
+++ b/drivers/watchdog/Kconfig
@@ -1647,6 +1647,13 @@ config PIC32_DMT
@@ -1648,6 +1648,13 @@ config PIC32_DMT
To compile this driver as a loadable module, choose M here.
The module will be called pic32-dmt.

2
target/linux/ath79/image/common-tp-link.mk
View File

@@ -102,6 +102,7 @@ endef
define Device/tplink-safeloader
$(Device/tplink)
KERNEL := kernel-bin | append-dtb | lzma | tplink-v1-header -O
KERNEL_INITRAMFS := $$(KERNEL)
IMAGE/sysupgrade.bin := append-rootfs | tplink-safeloader sysupgrade | \
append-metadata | check-size $$$$(IMAGE_SIZE)
IMAGE/factory.bin := append-rootfs | tplink-safeloader factory
@@ -110,4 +111,5 @@ endef
define Device/tplink-safeloader-uimage
$(Device/tplink-safeloader)
KERNEL := kernel-bin | append-dtb | lzma | uImageArcher lzma
KERNEL_INITRAMFS := $$(KERNEL)
endef

4
target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch
View File

@@ -578,7 +578,7 @@
#include <net/if_inet6.h>
--- a/include/net/inet_ecn.h
+++ b/include/net/inet_ecn.h
@@ -125,9 +125,9 @@ static inline int IP6_ECN_set_ce(struct
@@ -126,9 +126,9 @@ static inline int IP6_ECN_set_ce(struct
if (INET_ECN_is_not_ect(ipv6_get_dsfield(iph)))
return 0;
@@ -590,7 +590,7 @@
if (skb->ip_summed == CHECKSUM_COMPLETE)
skb->csum = csum_add(csum_sub(skb->csum, (__force __wsum)from),
(__force __wsum)to);
@@ -136,7 +136,7 @@ static inline int IP6_ECN_set_ce(struct
@@ -137,7 +137,7 @@ static inline int IP6_ECN_set_ce(struct
static inline void IP6_ECN_clear(struct ipv6hdr *iph)
{

2
target/linux/ath79/patches-4.14/921-serial-core-add-support-for-boot-console-with-arbitr.patch
View File

@@ -30,7 +30,7 @@ Signed-off-by: Sungbo Eo <mans0n@gorani.run>
uport->cons->cflag = 0;
}
/*
@@ -2072,8 +2074,10 @@ uart_set_options(struct uart_port *port,
@@ -2076,8 +2078,10 @@ uart_set_options(struct uart_port *port,
* Allow the setting of the UART parameters with a NULL console
* too:
*/

2
target/linux/bcm53xx/patches-4.14/905-BCM53573-minor-hacks.patch
View File

@@ -61,7 +61,7 @@ Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
#include <linux/clockchips.h>
#include <linux/clocksource.h>
#include <linux/interrupt.h>
@@ -836,6 +837,16 @@ static void arch_timer_of_configure_rate
@@ -845,6 +846,16 @@ static void arch_timer_of_configure_rate
if (of_property_read_u32(np, "clock-frequency", &arch_timer_rate))
arch_timer_rate = rate;

2
target/linux/brcm47xx/patches-4.14/831-old_gpio_wdt.patch
View File

@@ -4,7 +4,7 @@ Signed-off-by: Mathias Adam <m.adam--openwrt@adamis.de>
--- a/drivers/watchdog/Kconfig
+++ b/drivers/watchdog/Kconfig
@@ -1473,6 +1473,15 @@ config WDT_MTX1
@@ -1474,6 +1474,15 @@ config WDT_MTX1
Hardware driver for the MTX-1 boards. This is a watchdog timer that
will reboot the machine after a 100 seconds timer expired.

2
target/linux/cns3xxx/patches-4.14/075-spi_support.patch
View File

@@ -26,7 +26,7 @@
obj-$(CONFIG_SPI_DLN2) += spi-dln2.o
--- a/include/linux/spi/spi.h
+++ b/include/linux/spi/spi.h
@@ -799,6 +799,10 @@ struct spi_transfer {
@@ -818,6 +818,10 @@ struct spi_transfer {
u32 speed_hz;
struct list_head transfer_list;

4
target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch
View File

@@ -65,7 +65,7 @@ Cc: Kir Kolyshkin <kir@openvz.org>
* Before updating sk_refcnt, we must commit prior changes to memory
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1699,7 +1699,7 @@ u32 tcp_tso_autosize(const struct sock *
@@ -1700,7 +1700,7 @@ u32 tcp_tso_autosize(const struct sock *
{
u32 bytes, segs;
@@ -74,7 +74,7 @@ Cc: Kir Kolyshkin <kir@openvz.org>
sk->sk_gso_max_size - 1 - MAX_TCP_HEADER);
/* Goal is to send at least one packet per ms,
@@ -2217,7 +2217,7 @@ static bool tcp_small_queue_check(struct
@@ -2218,7 +2218,7 @@ static bool tcp_small_queue_check(struct
{
unsigned int limit;

2
target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch
View File

@@ -30,7 +30,7 @@ Signed-off-by: Johan Hovold <johan@kernel.org>
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -2011,7 +2011,8 @@ static const struct usb_device_id option
@@ -2017,7 +2017,8 @@ static const struct usb_device_id option
{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d01, 0xff) }, /* D-Link DWM-156 (variant) */
{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d02, 0xff) },
{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d03, 0xff) },

2
target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch
View File

@@ -92,7 +92,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
#endif
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -991,7 +991,7 @@ int br_nf_hook_thresh(unsigned int hook,
@@ -994,7 +994,7 @@ int br_nf_hook_thresh(unsigned int hook,
unsigned int i;
int ret;

4
target/linux/generic/hack-4.14/204-module_strip.patch
View File

@@ -114,7 +114,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
config MODULES_TREE_LOOKUP
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3024,9 +3024,11 @@ static struct module *setup_load_info(st
@@ -3022,9 +3022,11 @@ static struct module *setup_load_info(st
static int check_modinfo(struct module *mod, struct load_info *info, int flags)
{
@@ -127,7 +127,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (flags & MODULE_INIT_IGNORE_VERMAGIC)
modmagic = NULL;
@@ -3047,6 +3049,7 @@ static int check_modinfo(struct module *
@@ -3045,6 +3047,7 @@ static int check_modinfo(struct module *
mod->name);
add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK);
}

61
target/linux/generic/pending-4.14/499-mtd-parser-cmdline-Fix-parsing-of-part-names-with-co.patch
View File

@@ -1,61 +0,0 @@
From: Sven Eckelmann <sven@narfation.org>
Date: Sun, 22 Nov 2020 00:48:33 +0100
Subject: [PATCH RFC] mtd: parser: cmdline: Fix parsing of part-names with colons
Some devices (especially QCA ones) are already using hardcoded partition
names with colons in it. The OpenMesh A62 for example provides following
mtd relevant information via cmdline:
root=31:11 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(custom),64k(0:KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive) rootfsname=rootfs rootwait
The change to split only on the last colon between mtd-id and partitions
will cause newpart to see following string for the first partition:
KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive)
Such a partition list cannot be parsed and thus the device fails to boot.
Avoid this behavior by making sure that the start of the first part-name
("(") will also be the last byte the mtd-id split algorithm is using for
its colon search.
Forwarded: https://patchwork.ozlabs.org/project/linux-mtd/patch/20201122001533.985641-1-sven@narfation.org/
Fixes: eb13fa022741 ("mtd: parser: cmdline: Support MTD names containing one or more colons")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
--- a/drivers/mtd/cmdlinepart.c
+++ b/drivers/mtd/cmdlinepart.c
@@ -228,7 +228,7 @@ static int mtdpart_setup_real(char *s)
struct cmdline_mtd_partition *this_mtd;
struct mtd_partition *parts;
int mtd_id_len, num_parts;
- char *p, *mtd_id, *semicol;
+ char *p, *mtd_id, *semicol, *open_parenth;
/*
* Replace the first ';' by a NULL char so strrchr can work
@@ -238,6 +238,13 @@ static int mtdpart_setup_real(char *s)
if (semicol)
*semicol = '\0';
+ /* make sure that part-names with ":" will not be handled as
+ * part of the mtd-id with an ":"
+ */
+ open_parenth = strchr(s, '(');
+ if (open_parenth)
+ *open_parenth = '\0';
+
mtd_id = s;
/*
@@ -247,6 +254,10 @@ static int mtdpart_setup_real(char *s)
*/
p = strrchr(s, ':');
+ /* Restore the '(' now. */
+ if (open_parenth)
+ *open_parenth = '(';
+
/* Restore the ';' now. */
if (semicol)
*semicol = ';';

6
target/linux/ipq40xx/patches-4.14/088-0003-i2c-qup-minor-code-reorganization-for-use_dma.patch
View File

@@ -27,7 +27,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
struct dma_pool *dpool;
struct qup_i2c_tag start_tag;
struct qup_i2c_bam brx;
@@ -1288,7 +1290,7 @@ static int qup_i2c_xfer_v2(struct i2c_ad
@@ -1289,7 +1291,7 @@ static int qup_i2c_xfer_v2(struct i2c_ad
int num)
{
struct qup_i2c_dev *qup = i2c_get_adapdata(adap);
@@ -36,7 +36,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
qup->bus_err = 0;
qup->qup_err = 0;
@@ -1317,13 +1319,12 @@ static int qup_i2c_xfer_v2(struct i2c_ad
@@ -1318,13 +1320,12 @@ static int qup_i2c_xfer_v2(struct i2c_ad
len = (msgs[idx].len > qup->out_fifo_sz) ||
(msgs[idx].len > qup->in_fifo_sz);
@@ -54,7 +54,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
}
idx = 0;
@@ -1347,15 +1348,17 @@ static int qup_i2c_xfer_v2(struct i2c_ad
@@ -1348,15 +1349,17 @@ static int qup_i2c_xfer_v2(struct i2c_ad
reinit_completion(&qup->xfer);

4
target/linux/ipq40xx/patches-4.14/088-0004-i2c-qup-remove-redundant-variables-for-BAM-SG-count.patch
View File

@@ -149,7 +149,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
DMA_PREP_INTERRUPT);
if (!rxd) {
dev_err(qup->dev, "failed to get rx desc\n");
@@ -844,7 +838,7 @@ static int qup_i2c_bam_do_xfer(struct qu
@@ -845,7 +839,7 @@ static int qup_i2c_bam_do_xfer(struct qu
goto desc_err;
}
@@ -158,7 +158,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
writel(QUP_BAM_INPUT_EOT,
qup->base + QUP_OUT_FIFO_BASE);
@@ -862,10 +856,10 @@ static int qup_i2c_bam_do_xfer(struct qu
@@ -863,10 +857,10 @@ static int qup_i2c_bam_do_xfer(struct qu
}
desc_err:

2
target/linux/ipq40xx/patches-4.14/088-0007-i2c-qup-proper-error-handling-for-i2c-error-in-BAM-m.patch
View File

@@ -67,7 +67,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
goto done;
}
@@ -847,20 +862,12 @@ static int qup_i2c_bam_do_xfer(struct qu
@@ -848,20 +863,12 @@ static int qup_i2c_bam_do_xfer(struct qu
goto desc_err;
}

4
target/linux/ipq40xx/patches-4.14/088-0008-i2c-qup-use-the-complete-transfer-length-to-choose-D.patch
View File

@@ -22,7 +22,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
--- a/drivers/i2c/busses/i2c-qup.c
+++ b/drivers/i2c/busses/i2c-qup.c
@@ -1300,7 +1300,8 @@ static int qup_i2c_xfer_v2(struct i2c_ad
@@ -1301,7 +1301,8 @@ static int qup_i2c_xfer_v2(struct i2c_ad
int num)
{
struct qup_i2c_dev *qup = i2c_get_adapdata(adap);
@@ -32,7 +32,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
qup->bus_err = 0;
qup->qup_err = 0;
@@ -1326,14 +1327,14 @@ static int qup_i2c_xfer_v2(struct i2c_ad
@@ -1327,14 +1328,14 @@ static int qup_i2c_xfer_v2(struct i2c_ad
goto out;
}

2
target/linux/ipq40xx/patches-4.14/088-0009-i2c-qup-change-completion-timeout-according-to-trans.patch
View File

@@ -50,7 +50,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
dev_err(qup->dev, "normal trans timed out\n");
ret = -ETIMEDOUT;
}
@@ -1605,6 +1610,8 @@ nodma:
@@ -1606,6 +1611,8 @@ nodma:
*/
one_bit_t = (USEC_PER_SEC / clk_freq) + 1;
qup->one_byte_t = one_bit_t * 9;

8
target/linux/ipq40xx/patches-4.14/088-0010-i2c-qup-fix-buffer-overflow-for-multiple-msg-of-maxi.patch
View File

@@ -233,7 +233,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
/* schedule the EOT and FLUSH I2C tags */
len = 1;
if (rx_cnt) {
@@ -886,11 +878,19 @@ desc_err:
@@ -887,11 +879,19 @@ desc_err:
return ret;
}
@@ -253,7 +253,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
enable_irq(qup->irq);
ret = qup_i2c_req_dma(qup);
@@ -913,9 +913,34 @@ static int qup_i2c_bam_xfer(struct i2c_a
@@ -914,9 +914,34 @@ static int qup_i2c_bam_xfer(struct i2c_a
goto out;
writel(qup->clk_ctl, qup->base + QUP_I2C_CLK_CTL);
@@ -290,7 +290,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
out:
disable_irq(qup->irq);
@@ -1468,7 +1493,8 @@ static int qup_i2c_probe(struct platform
@@ -1469,7 +1494,8 @@ static int qup_i2c_probe(struct platform
else if (ret != 0)
goto nodma;
@@ -300,7 +300,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
qup->btx.sg = devm_kzalloc(&pdev->dev,
sizeof(*qup->btx.sg) * blocks,
GFP_KERNEL);
@@ -1611,7 +1637,7 @@ nodma:
@@ -1612,7 +1638,7 @@ nodma:
one_bit_t = (USEC_PER_SEC / clk_freq) + 1;
qup->one_byte_t = one_bit_t * 9;
qup->xfer_timeout = TOUT_MIN * HZ +

10
target/linux/ipq40xx/patches-4.14/088-0012-i2c-qup-reorganization-of-driver-code-to-remove-poll.patch
View File

@@ -283,7 +283,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
}
static void qup_i2c_set_blk_data(struct qup_i2c_dev *qup,
@@ -1006,64 +1075,6 @@ err:
@@ -1007,64 +1076,6 @@ err:
return ret;
}
@@ -348,7 +348,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
static void qup_i2c_set_read_mode_v2(struct qup_i2c_dev *qup, int len)
{
int tx_len = qup->blk.tx_tag_len;
@@ -1086,44 +1097,27 @@ static void qup_i2c_set_read_mode_v2(str
@@ -1087,44 +1098,27 @@ static void qup_i2c_set_read_mode_v2(str
}
}
@@ -402,7 +402,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
}
static int qup_i2c_read_fifo_v2(struct qup_i2c_dev *qup,
@@ -1224,49 +1218,130 @@ err:
@@ -1225,49 +1219,130 @@ err:
return ret;
}
@@ -552,7 +552,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
static int qup_i2c_xfer(struct i2c_adapter *adap,
struct i2c_msg msgs[],
int num)
@@ -1305,10 +1380,11 @@ static int qup_i2c_xfer(struct i2c_adapt
@@ -1306,10 +1381,11 @@ static int qup_i2c_xfer(struct i2c_adapt
goto out;
}
@@ -566,7 +566,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
if (ret)
break;
@@ -1487,6 +1563,10 @@ static int qup_i2c_probe(struct platform
@@ -1488,6 +1564,10 @@ static int qup_i2c_probe(struct platform
if (of_device_is_compatible(pdev->dev.of_node, "qcom,i2c-qup-v1.1.1")) {
qup->adap.algo = &qup_i2c_algo;
qup->adap.quirks = &qup_i2c_quirks;

18
target/linux/ipq40xx/patches-4.14/088-0013-i2c-qup-reorganization-of-driver-code-to-remove-poll.patch
View File

@@ -386,7 +386,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
qup_i2c_set_blk_data(qup, msg);
blocks = qup->blk.count;
@@ -1026,7 +897,7 @@ static int qup_i2c_wait_for_complete(str
@@ -1027,7 +898,7 @@ static int qup_i2c_wait_for_complete(str
unsigned long left;
int ret = 0;
@@ -395,7 +395,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
if (!left) {
writel(1, qup->base + QUP_SW_RESET);
ret = -ETIMEDOUT;
@@ -1038,65 +909,6 @@ static int qup_i2c_wait_for_complete(str
@@ -1039,65 +910,6 @@ static int qup_i2c_wait_for_complete(str
return ret;
}
@@ -461,7 +461,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
static void qup_i2c_read_rx_fifo_v1(struct qup_i2c_dev *qup)
{
struct qup_i2c_block *blk = &qup->blk;
@@ -1120,104 +932,6 @@ static void qup_i2c_read_rx_fifo_v1(stru
@@ -1121,104 +933,6 @@ static void qup_i2c_read_rx_fifo_v1(stru
blk->rx_bytes_read = true;
}
@@ -566,7 +566,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
static void qup_i2c_write_rx_tags_v1(struct qup_i2c_dev *qup)
{
struct i2c_msg *msg = qup->msg;
@@ -1404,13 +1118,434 @@ out:
@@ -1405,13 +1119,434 @@ out:
return ret;
}
@@ -1002,7 +1002,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
qup->bus_err = 0;
qup->qup_err = 0;
@@ -1419,6 +1554,10 @@ static int qup_i2c_xfer_v2(struct i2c_ad
@@ -1420,6 +1555,10 @@ static int qup_i2c_xfer_v2(struct i2c_ad
if (ret < 0)
goto out;
@@ -1013,7 +1013,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
writel(1, qup->base + QUP_SW_RESET);
ret = qup_i2c_poll_state(qup, QUP_RESET_STATE);
if (ret)
@@ -1428,60 +1567,35 @@ static int qup_i2c_xfer_v2(struct i2c_ad
@@ -1429,60 +1568,35 @@ static int qup_i2c_xfer_v2(struct i2c_ad
writel(I2C_MINI_CORE | I2C_N_VAL_V2, qup->base + QUP_CONFIG);
writel(QUP_V2_TAGS_EN, qup->base + QUP_I2C_MASTER_GEN);
@@ -1095,7 +1095,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
if (ret == 0)
ret = num;
@@ -1545,6 +1659,7 @@ static int qup_i2c_probe(struct platform
@@ -1546,6 +1660,7 @@ static int qup_i2c_probe(struct platform
u32 src_clk_freq = DEFAULT_SRC_CLK;
u32 clk_freq = DEFAULT_CLK_FREQ;
int blocks;
@@ -1103,7 +1103,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
qup = devm_kzalloc(&pdev->dev, sizeof(*qup), GFP_KERNEL);
if (!qup)
@@ -1563,12 +1678,10 @@ static int qup_i2c_probe(struct platform
@@ -1564,12 +1679,10 @@ static int qup_i2c_probe(struct platform
if (of_device_is_compatible(pdev->dev.of_node, "qcom,i2c-qup-v1.1.1")) {
qup->adap.algo = &qup_i2c_algo;
qup->adap.quirks = &qup_i2c_quirks;
@@ -1118,7 +1118,7 @@ Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
ret = qup_i2c_req_dma(qup);
if (ret == -EPROBE_DEFER)
@@ -1694,14 +1807,31 @@ nodma:
@@ -1695,14 +1808,31 @@ nodma:
ret = -EIO;
goto fail;
}

8
target/linux/ipq806x/patches-4.14/0071-1-PCI-qcom-Fixed-IPQ806x-specific-clocks.patch
View File

@@ -20,7 +20,7 @@ Signed-off-by: Sham Muthayyan <smuthayy@codeaurora.org>
struct reset_control *pci_reset;
struct reset_control *axi_reset;
struct reset_control *ahb_reset;
@@ -249,6 +251,14 @@ static int qcom_pcie_get_resources_2_1_0
@@ -250,6 +252,14 @@ static int qcom_pcie_get_resources_2_1_0
if (IS_ERR(res->phy_clk))
return PTR_ERR(res->phy_clk);
@@ -35,7 +35,7 @@ Signed-off-by: Sham Muthayyan <smuthayy@codeaurora.org>
res->pci_reset = devm_reset_control_get_exclusive(dev, "pci");
if (IS_ERR(res->pci_reset))
return PTR_ERR(res->pci_reset);
@@ -281,6 +291,8 @@ static void qcom_pcie_deinit_2_1_0(struc
@@ -287,6 +297,8 @@ static void qcom_pcie_deinit_2_1_0(struc
clk_disable_unprepare(res->iface_clk);
clk_disable_unprepare(res->core_clk);
clk_disable_unprepare(res->phy_clk);
@@ -44,7 +44,7 @@ Signed-off-by: Sham Muthayyan <smuthayy@codeaurora.org>
regulator_disable(res->vdda);
regulator_disable(res->vdda_phy);
regulator_disable(res->vdda_refclk);
@@ -324,16 +336,28 @@ static int qcom_pcie_init_2_1_0(struct q
@@ -330,16 +342,28 @@ static int qcom_pcie_init_2_1_0(struct q
goto err_assert_ahb;
}
@@ -76,7 +76,7 @@ Signed-off-by: Sham Muthayyan <smuthayy@codeaurora.org>
}
ret = reset_control_deassert(res->ahb_reset);
@@ -389,10 +413,14 @@ static int qcom_pcie_init_2_1_0(struct q
@@ -401,10 +425,14 @@ static int qcom_pcie_init_2_1_0(struct q
return 0;
err_deassert_ahb:

85
target/linux/ipq806x/patches-4.14/0071-2-PCI-qcom-Fixed-IPQ806x-PCIE-reset-changes.patch
View File

@@ -1,85 +0,0 @@
From 490d103232287eb51c92c49a4ef8865fd0a9d59e Mon Sep 17 00:00:00 2001
From: Sham Muthayyan <smuthayy@codeaurora.org>
Date: Tue, 19 Jul 2016 18:58:18 +0530
Subject: PCI: qcom: Fixed IPQ806x PCIE reset changes
Change-Id: Ia6590e960b9754b1e8b7a51f318788cd63e9e321
Signed-off-by: Sham Muthayyan <smuthayy@codeaurora.org>
---
drivers/pci/host/pcie-qcom.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
--- a/drivers/pci/dwc/pcie-qcom.c
+++ b/drivers/pci/dwc/pcie-qcom.c
@@ -98,6 +98,7 @@ struct qcom_pcie_resources_2_1_0 {
struct reset_control *ahb_reset;
struct reset_control *por_reset;
struct reset_control *phy_reset;
+ struct reset_control *ext_reset;
struct regulator *vdda;
struct regulator *vdda_phy;
struct regulator *vdda_refclk;
@@ -275,6 +276,10 @@ static int qcom_pcie_get_resources_2_1_0
if (IS_ERR(res->por_reset))
return PTR_ERR(res->por_reset);
+ res->ext_reset = devm_reset_control_get(dev, "ext");
+ if (IS_ERR(res->ext_reset))
+ return PTR_ERR(res->ext_reset);
+
res->phy_reset = devm_reset_control_get_exclusive(dev, "phy");
return PTR_ERR_OR_ZERO(res->phy_reset);
}
@@ -288,6 +293,7 @@ static void qcom_pcie_deinit_2_1_0(struc
reset_control_assert(res->ahb_reset);
reset_control_assert(res->por_reset);
reset_control_assert(res->pci_reset);
+ reset_control_assert(res->ext_reset);
clk_disable_unprepare(res->iface_clk);
clk_disable_unprepare(res->core_clk);
clk_disable_unprepare(res->phy_clk);
@@ -306,6 +312,12 @@ static int qcom_pcie_init_2_1_0(struct q
u32 val;
int ret;
+ ret = reset_control_assert(res->ahb_reset);
+ if (ret) {
+ dev_err(dev, "cannot assert ahb reset\n");
+ return ret;
+ }
+
ret = regulator_enable(res->vdda);
if (ret) {
dev_err(dev, "cannot enable vdda regulator\n");
@@ -324,16 +336,16 @@ static int qcom_pcie_init_2_1_0(struct q
goto err_vdda_phy;
}
- ret = reset_control_assert(res->ahb_reset);
+ ret = reset_control_deassert(res->ext_reset);
if (ret) {
- dev_err(dev, "cannot assert ahb reset\n");
- goto err_assert_ahb;
+ dev_err(dev, "cannot assert ext reset\n");
+ goto err_reset_ext;
}
ret = clk_prepare_enable(res->iface_clk);
if (ret) {
dev_err(dev, "cannot prepare/enable iface clock\n");
- goto err_assert_ahb;
+ goto err_iface;
}
ret = clk_prepare_enable(res->core_clk);
@@ -422,7 +434,9 @@ err_clk_phy:
clk_disable_unprepare(res->core_clk);
err_clk_core:
clk_disable_unprepare(res->iface_clk);
-err_assert_ahb:
+err_iface:
+ reset_control_assert(res->ext_reset);
+err_reset_ext:
regulator_disable(res->vdda_phy);
err_vdda_phy:
regulator_disable(res->vdda_refclk);

2
target/linux/ipq806x/patches-4.14/0071-3-PCI-qcom-Fixed-IPQ806x-PCIE-init-changes.patch
View File

@@ -87,7 +87,7 @@ Signed-off-by: Sham Muthayyan <smuthayy@codeaurora.org>
- u32 val;
int ret;
ret = reset_control_assert(res->ahb_reset);
ret = regulator_enable(res->vdda);
@@ -378,15 +410,26 @@ static int qcom_pcie_init_2_1_0(struct q
goto err_deassert_ahb;
}

4
target/linux/ipq806x/patches-4.14/0071-6-PCI-qcom-Force-GEN1-support.patch
View File

@@ -40,7 +40,7 @@ Signed-off-by: Sham Muthayyan <smuthayy@codeaurora.org>
/* Set the Max TLP size to 2K, instead of using default of 4K */
@@ -1382,6 +1390,8 @@ static int qcom_pcie_probe(struct platfo
@@ -1380,6 +1388,8 @@ static int qcom_pcie_probe(struct platfo
struct dw_pcie *pci;
struct qcom_pcie *pcie;
int ret;
@@ -49,7 +49,7 @@ Signed-off-by: Sham Muthayyan <smuthayy@codeaurora.org>
pcie = devm_kzalloc(dev, sizeof(*pcie), GFP_KERNEL);
if (!pcie)
@@ -1403,6 +1413,9 @@ static int qcom_pcie_probe(struct platfo
@@ -1401,6 +1411,9 @@ static int qcom_pcie_probe(struct platfo
if (IS_ERR(pcie->reset))
return PTR_ERR(pcie->reset);

Some files were not shown because too many files have changed in this diff Show More