Re: tplink-safeloader: add TP-Link CPE605 v1 Support
Hi Andrew, On Wed, 2022-11-09 at 13:23 +, Andrew Cameron wrote: > From: Andrew Cameron > > Enable creating images compatible with the TP-Link CPE605 v1 Router Could you also add the original layout as defined in the vendor FW? See for example commit 71e1db65a548 ("tplink-safeloader: add TP-Link Deco S4 v2 support") > > Signed-off-by: Andrew Cameron > --- > src/tplink-safeloader.c | 38 ++ > 1 file changed, 38 insertions(+) > > diff --git a/src/tplink-safeloader.c b/src/tplink-safeloader.c > index 7f9081d..b920191 100644 > --- a/src/tplink-safeloader.c > +++ b/src/tplink-safeloader.c 
> @@ -468,6 +468,44 @@ static struct device_info boards[] = { > .last_sysupgrade_partition = "support-list", > }, > > + /** Firmware layout for the CPE605V1 */ Comparing to the FW found at [1], there seem to be some discrepancies. [1] https://static.tp-link.com/2020/202012/20201216/CPE605(UN)_v1.0_20201028.zip > + { > + .id = "CPE605V1", > + .vendor = "CPE605(TP-LINK|UN|N150-5):1.0\r\n", > + .support_list = > + "SupportList:\r\n" > + "CPE605(TP-LINK|UN|N150-5|):1.0\r\n" > + "CPE605(TP-LINK|EU|N150-5|4555):1.0\r\n" > + "CPE605(TP-LINK|US|N150-5|5553):1.0\r\n" > + "CPE605(TP-LINK|UN|N150-5):1.0\r\n" > + "CPE605(TP-LINK|EU|N150-5):1.0\r\n" > + "CPE605(TP-LINK|US|N150-5):1.0\r\n", The last three items are absent. Not that it matters much to have too many items, since the support-list partition has room for 0x1000 bytes. > + .part_trail = 0xff, Partition blobs are followed by a 0x00 byte. Again, this is normally ignored by TP-Link upgrade software, but this is here to mirror vendor FW as closely as possible. (If you have another FW upgrade binary which actually does have 0xff as trailing bytes, then that just goes to show how little this actually matters.) > + .soft_ver = SOFT_VER_DEFAULT, > + > + .partitions = { > + {"fs-uboot", 0x0, 0x2}, > + {"partition-table", 0x2, 0x02000}, > + {"default-mac", 0x3, 0x00020}, > + {"serial-number", 0x30100, 0x00020}, > + {"product-info", 0x31100, 0x00100}, > + {"device-info", 0x31400, 0x00400}, > + {"signature", 0x32000, 0x00400}, > + {"device-id", 0x33000, 0x00100}, > + {"firmware", 0x4, 0x77}, A note is typically added that the 'firmware' partition replaces the 'os-image' and 'file-system' partitions. In the FW image I downloaded, the order of partitions is the following though (from `tplink-safeloader -i`): 0004 0017 os-image 001b 0100 soft-version 001b1000 1000 support-list 001c 0060 file-system with 'soft-version' and 'support-list' _between_ 'os-image' and 'file-system'. 
I'm not sure if the upgrade utility will relocate these partitions and use the updated partition layout (as defined here and provided by the OpenWrt factory image). Did you verify this? If the partitions are in fact relocated, I assume the 'partition-table', 'soft-version' and 'support-list' contents from the OpenWrt factory image are used. Which should make it safe to return to stock FW as long as the kernel is at the same location (bootloader), because it would also use the new layout, and relocate things again on the next vendor-to-vendor upgrade. Best, Sander > + {"soft-version", 0x7b, 0x00100}, > + {"support-list", 0x7b1000, 0x01000}, > + {"user-config", 0x7c, 0x1}, > + {"default-config", 0x7d, 0x1}, > + {"log", 0x7e, 0x1}, > + {"radio", 0x7f, 0x1}, > + {NULL, 0, 0} > + }, > + > + .first_sysupgrade_partition = "os-image", > + .last_sysupgrade_partition = "support-list", > + }, > + > /** Firmware layout for the CPE610V1 */ > { > .id = "CPE610V1", ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH] build: add option to use preinit IP as LAN IP
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software.
--- Begin Message ---
We currently have build options to customize the IP address used in the preinit phase of the boot process, but not to set the default LAN IP. Introduce a boolean build option that, when enabled, results in the IP address configured for the preinit phase, to be also used as the default LAN IP address.
Signed-off-by: Stijn Tintel
---
package/base-files/Makefile| 13 +
package/base-files/image-config.in | 7 +++
2 files changed, 20 insertions(+)
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index 914f0598ff..8732f82fb9 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -89,6 +89,19 @@ define ImageConfigOptions
 echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
 echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
 echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
+ifeq ($(CONFIG_TARGET_DEFAULT_LAN_IP_FROM_PREINIT),y)
+ mkdir -p $(1)/etc/board.d
+ echo '. /lib/functions/uci-defaults.sh' >$(1)/etc/board.d/99-lan-ip
+ echo 'logger -t 99-lan-ip "setting custom default LAN IP"' >>$(1)/etc/board.d/99-lan-ip
+ echo 'board_config_update' >>$(1)/etc/board.d/99-lan-ip
+ echo 'json_select network' >>$(1)/etc/board.d/99-lan-ip
+ echo 'json_select lan' >>$(1)/etc/board.d/99-lan-ip
+ echo 'json_add_string ipaddr $(if $(CONFIG_TARGET_PREINIT_IP),$(CONFIG_TARGET_PREINIT_IP),"192.168.1.1")' >>$(1)/etc/board.d/99-lan-ip
+ echo 'json_add_string netmask $(if $(CONFIG_TARGET_PREINIT_NETMASK),$(CONFIG_TARGET_PREINIT_NETMASK),"255.255.255.0")' >>$(1)/etc/board.d/99-lan-ip
+ echo 'json_select ..' >>$(1)/etc/board.d/99-lan-ip
+ echo 'json_select ..' >>$(1)/etc/board.d/99-lan-ip
+ echo 'board_config_flush' >>$(1)/etc/board.d/99-lan-ip
+endif
 endef
 define Build/Prepare
diff --git a/package/base-files/image-config.in b/package/base-files/image-config.in
index ac406bc456..2de2130b84 100644
--- a/package/base-files/image-config.in
+++ b/package/base-files/image-config.in
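Review bot: The generated `99-lan-ip` script never checks whether `json_select network` and `json_select lan` succeeded, so on a board whose board config has no `network.lan` object the two `json_add_string` lines would, as far as I can tell from jshn's behaviour, write `ipaddr` and `netmask` into whatever object is currently selected. Chaining the two selects and skipping the writes when either fails, for example by emitting `json_select network && json_select lan || exit 0` in place of the two separate select lines (assuming board.d scripts run in their own subshell), would keep the board config intact in that case. The `$(CONFIG_TARGET_PREINIT_IP)` and `$(CONFIG_TARGET_PREINIT_NETMASK)` values are pasted into a single-quoted `echo`, so a comment noting that they must not contain a single quote would be worth adding. `ImageConfigOptions` starts outside the hunk.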
@@ -5,6 +5,13 @@
 # See /LICENSE for more information.
 #
+config TARGET_DEFAULT_LAN_IP_FROM_PREINIT
+ bool "Use preinit IP configuration as default LAN IP" if IMAGEOPT
+ default n
+ help
+ Enabling this will set the default LAN IP address and netmask
+ to the preinit values set in the image config.
+
 menuconfig PREINITOPT
 bool "Preinit configuration options" if IMAGEOPT
 default n
-- 2.37.4
--- End Message ---
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[BACKPORT 22.03 v2 1/2] comgt-ncm: add support for quectel modem EC200T-EU
context_type is an integer mapping of pdptype: 1: IPV4 2: IPV6 3: IPV4V6
Signed-off-by: Jan-Niklas Burfeind
(cherry picked from commit 13f82ce264ed2d02c66cb2cae8f013c8f64a979f)
---
I sent the patch a few hours eatlier, but missed the development list. Commit-ID changed as I wrongly changed the commit-title earlier. Sorry for the noise Arınç and thanks to David.
package/network/utils/comgt/files/ncm.json | 16
package/network/utils/comgt/files/ncm.sh | 6 ++
2 files changed, 22 insertions(+)
diff --git a/package/network/utils/comgt/files/ncm.json b/package/network/utils/comgt/files/ncm.json
index b6ad717529..7d9a38fe36 100644
--- a/package/network/utils/comgt/files/ncm.json
+++ b/package/network/utils/comgt/files/ncm.json
@@ -75,6 +75,22 @@
 "finalize": "AT+CGDATA=\\\"M-MBIM\\\",${profile},1",
 "disconnect": "AT+CGACT=0,${profile}"
 },
+ "quectel": {
+ "initialize": [
+ "AT+CFUN=1"
+ ],
+ "configure": [
+ "at+qicsgp=${profile},${context_type},\\\"${apn}\\\",\\\"${username}\\\",\\\"${password}\\\",0"
+ ],
+ "modes": {
+ "lte": "AT+QCFG=\\\"nwscanmode\\\",3",
+ "umts": "AT+QCFG=\\\"nwscanmode\\\",2",
+ "gsm": "AT+QCFG=\\\"nwscanmode\\\",1",
+ "auto": "AT+QCFG=\\\"nwscanmode\\\",0"
+ },
+ "connect": "AT+qnetdevctl=1,${profile},1",
+ "disconnect": "AT+qnetdevctl=0,${profile},0"
+ },
 "\"zte": {
 "initialize": [
 "AT+CFUN=1"
diff --git a/package/network/utils/comgt/files/ncm.sh b/package/network/utils/comgt/files/ncm.sh
index a2c913ea1d..2f36697487 100644
--- a/package/network/utils/comgt/files/ncm.sh
+++ b/package/network/utils/comgt/files/ncm.sh
@@ -31,6 +31,8 @@ proto_ncm_setup() {
 local device ifname apn auth username password pincode delay mode pdptype profile $PROTO_DEFAULT_OPTIONS
 json_get_vars device ifname apn auth username password pincode delay mode pdptype profile $PROTO_DEFAULT_OPTIONS
+ local context_type
+
 [ "$metric" = "" ] && metric="0"
 [ -n "$profile" ] || profile=1
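Review bot: The quectel `configure` command ends in a literal `,0`, and if that last field of `AT+QICSGP` is the authentication type (as I read the Quectel AT manual, with 0 meaning none), the modem would ignore the `${username}` and `${password}` passed just before it. The `auth` option that `proto_ncm_setup` already reads in ncm.sh is not used by this entry, so either map it to that field or say in the commit message that authenticated APNs are not supported for this modem. Separately, `${apn}`, `${username}` and `${password}` are placed between escaped quotes with no escaping of their own, so a value containing a double quote would alter the AT command; whether ncm.sh sanitises these values is not visible in this hunk.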
@@ -38,6 +40,10 @@ proto_ncm_setup() {
 pdptype=$(echo "$pdptype" | awk '{print toupper($0)}')
 [ "$pdptype" = "IP" -o "$pdptype" = "IPV6" -o "$pdptype" = "IPV4V6" ] || pdptype="IP"
+ [ "$pdptype" = "IPV4V6" ] && context_type=3
+ [ -z "$context_type" -a "$pdptype" = "IPV6" ] && context_type=2
+ [ -n "$context_type" ] || context_type=1
+
 [ -n "$ctl_device" ] && device=$ctl_device
 [ -n "$device" ] || {
-- 2.38.1
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
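Review bot: The three chained tests that derive `context_type` are harder to read than they need to be, because the second and third lines only make sense in light of what the first one may have set. A single `case "$pdptype"` states the mapping directly and yields the same values for the three inputs the preceding line allows. The mapping itself (1 = IPv4, 2 = IPv6, 3 = IPv4v6) is explained only in the commit message, so a one-line comment above the block would keep it next to the code. `proto_ncm_setup` continues outside the hunk.

```shell
# context_type: 1 = IPv4, 2 = IPv6, 3 = IPv4v6 (consumed by the quectel "configure" entry in ncm.json)
case "$pdptype" in
	IPV4V6) context_type=3 ;;
	IPV6) context_type=2 ;;
	*) context_type=1 ;;
esac
```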
[BACKPORT 22.03 v2 2/2] ramips: add support for Wavlink WS-WN572HP3 4G
Wavlink WS-WN572HP3 4G is an 802.11ac dual-band outdoor router with LTE support. Specifications; * Soc: MT7621DAT * RAM: 128MiB * Flash: NOR 16MiB GD-25Q128ESIG3 * Wi-Fi: * MT7613BEN: 5GHz * MT7603EN: 2.4GHz * Ethernet: 2x 1GbE * USB: None - only used internally * LTE Modem: Quectel EC200T-EU * UART: 115200 baud * LEDs: * 7 blue at the front * 1 Power * 2 LAN / WAN * 1 Status * 3 RSSI (annotated 4G) * 1 green at the bottom (4G LED) * Buttons: 1 reset button Installation: * press and hold the reset button while powering on the device * keep it pressed for ten seconds * connect to 192.168.10.1 via webbrowser (chromium/chrome works, at least Firefox 106.0.3 does not) * upload the sysupgrade image, confirm the checksum, wait 2 minutes until the device reboots Revert to stock firmware: * same as installation but use the recovery image for WL-WN572HP3
Signed-off-by: Jan-Niklas Burfeind
Acked-by: Arınç ÜNAL
(cherry picked from commit dce66899bf243d78689afcc693340b891bbf4c2d)
---
.../dts/mt7621_wavlink_ws-wn572hp3-4g.dts | 184 ++
target/linux/ramips/image/mt7621.mk | 17 ++
.../mt7621/base-files/etc/board.d/02_network | 1 +
3 files changed, 202 insertions(+)
create mode 100644 target/linux/ramips/dts/mt7621_wavlink_ws-wn572hp3-4g.dts
diff --git a/target/linux/ramips/dts/mt7621_wavlink_ws-wn572hp3-4g.dts b/target/linux/ramips/dts/mt7621_wavlink_ws-wn572hp3-4g.dts
new file mode 100644
index 00..60d0708a80
--- /dev/null
+++ b/target/linux/ramips/dts/mt7621_wavlink_ws-wn572hp3-4g.dts
@@ -0,0 +1,184 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "mt7621.dtsi"
+
+#include
+#include
+
+/ {
+ compatible = "wavlink,ws-wn572hp3-4g", "mediatek,mt7621-soc";
+ model = "Wavlink WS-WN572HP3 4G";
+
+ chosen {
+ bootargs = "console=ttyS0,115200";
+ };
+
+ aliases {
+ label-mac-device = &wifi1;
+ led-boot = &led_status_blue;
+ led-failsafe = &led_status_blue;
+ led-running = &led_status_blue;
+ led-upgrade = &led_status_blue;
+ };
+
+ keys {
+ compatible = "gpio-keys";
+
+ reset {
+ label = "Reset Button";
+ gpios = <&gpio 18 GPIO_ACTIVE_LOW>;
+ linux,code = ;
+ };
+ };
+
+ leds {
+ compatible = "gpio-leds";
+
+ rssihigh {
+ label = "blue:rssihigh";
+ gpios = <&gpio 4 GPIO_ACTIVE_LOW>;
+ };
+
+ rssimedium {
+ label = "blue:rssimedium";
+ gpios = <&gpio 17 GPIO_ACTIVE_LOW>;
+ };
+
+ rssilow {
+ label = "blue:rssilow";
+ gpios = <&gpio 16 GPIO_ACTIVE_LOW>;
+ };
+
+ led_status_blue: status_blue {
+ label = "blue:status";
+ gpios = <&gpio 3 GPIO_ACTIVE_LOW>;
+ };
+
+ // gpio 15 would be Quectels PWRKEY if used
+ };
+};
+
+&spi0 {
+ status = "okay";
+
+ flash@0 {
+ compatible = "jedec,spi-nor";
+ reg = <0>;
+ spi-max-frequency = <4000>;
+
+ partitions {
+ compatible = "fixed-partitions";
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ partition@0 {
+ label = "u-boot";
+ reg = <0x0 0x3>;
+ read-only;
+ };
+
+ partition@3 {
+ label = "config";
+ reg = <0x3 0x1>;
+ read-only;
+ };
+
+ factory: partition@4 {
+ label = "factory";
+ reg = <0x4 0x1>;
+ read-only;
+ };
+
+ partition@5 {
+ compatible = "denx,fit";
+ label = "firmware";
+ reg = <0x5 0xf3>;
+ };
+
+ partition@f0 {
+ label = "vendor";
+ reg = <0xf8 0x8>;
+ read-only;
+ };
+ };
+ };
+};
+
+&pcie {
+ status = "okay";
+};
+
+&pcie0 {
+ wifi0: mt76@0,0 {
+ compatible = "mediatek,mt76";
+ reg = <0x 0 0 0 0>;
+ mediatek,mtd-eeprom = <&factory 0x0>;
+ };
+};
+
+&pcie1 {
+ wifi1: mt76@0,0 {
+
[PATCH v2] image: fix device profile specific COMPILE targets
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software.--- Begin Message --- Commit a01d23e75 ("image: always rebuild kernel loaders") is a step in the right direction, but exposed some issues and regressions in the makefile. 1. Some of the files made by device specific COMPILE targets start with an "append" command (i.e. >> instead of > redirection) and if the file already exists, the target file is an input to itself before the first recipe input to the file. 2. Some of the device specific COMPILE targets, like the lzma-loader have multiple steps and the uImage target requires the bin or ELF target first, so the two COMPILE targets cannot be run in parallel. 3. A side-effect of FORCE, is that all COMPILE targets will be built, even for devices in a build that are not selected, causing for example, the lzma-loader for some devices to be built when the image for that device is not built. 4. By making the COMPILE targets a prerequisite of the "target/compile" phase of the build, it is being built again in the "target/install" phase of the build, since the compile phase is a prerequisite of the install phase and the FORCE target is used on each file in each submake, but COMPILE targets are not needed before "target/install". This commit resolves these issues by calling COMPILE targets only in "target/install", using pattern substitution to list prerequisites between COMPILE targets in order, deleting the target before building it, and using device profile selection to determine if the COMPILE targets are FORCE built. Because of the nature of defining prerequisites in Make, (reverse dependency before dependency) the entire list of COMPILE targets is reversed in order to list prerequisites between them without having to work with individual words. 
Fixes: a01d23e75 ("image: always rebuild kernel loaders")
Fixes: a7fb589e8 ("image: always rebuild kernel loaders")
Signed-off-by: Michael Pratt
---
include/image.mk | 8 ++--
rules.mk | 2 ++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/include/image.mk b/include/image.mk
index e9dc53f82e..c09dba3f2c 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -517,9 +517,13 @@ endef
 endif
 define Device/Build/compile
- $$(_COMPILE_TARGET): $(KDIR)/$(1)
+ $$(_TARGET): $(KDIR)/$(1)
 $(eval $(call Device/Export,$(KDIR)/$(1)))
- $(KDIR)/$(1): FORCE
+
+ $(patsubst %$(1),%$(1):,$(call reverse,$(foreach compile,$(COMPILE),$(KDIR)/$(compile
+
+ $(KDIR)/$(1): $(if $(_PROFILE_SET),FORCE)
+ rm -f $(KDIR)/$(1)
 $$(call concat_cmd,$(COMPILE/$(1)))
 endef
diff --git a/rules.mk b/rules.mk
index 2de43d490d..782f84d625 100644
--- a/rules.mk
+++ b/rules.mk
@@ -53,6 +53,8 @@ __tr_template = $(__tr_head)$$(1)$(__tr_tail)
 $(eval toupper = $(call __tr_template,$(chars_lower),$(chars_upper)))
 $(eval tolower = $(call __tr_template,$(chars_upper),$(chars_lower)))
+reverse = $(if $(word 2,$(1)),$(call reverse,$(wordlist 2,$(words $(1)),$(1))) $(firstword $(1)),$(1))
+
 version_abbrev = $(if $(if $(CHECK),,$(DUMP)),$(1),$(shell printf '%.8s' $(1)))
 _SINGLE=export MAKEFLAGS=$(space);
-- 2.30.2
--- End Message ---
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
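Review bot: The pattern `%$(1)` in the new `$(patsubst %$(1),%$(1):,...)` line of `Device/Build/compile` matches every word that merely ends in `$(1)`, so a COMPILE list in which one name is a suffix of another (constructed example: `loader.bin` and `x-loader.bin`) would get a colon appended to both words and yield a malformed rule. Matching the whole word instead, `$(patsubst $(KDIR)/$(1),$(KDIR)/$(1):,...)`, avoids that. Neither this line nor the `reverse` helper added in the rules.mk hunk carries a comment; `# reverse: return the words of $(1) in reverse order` above the helper, and a line above the patsubst stating which COMPILE targets end up as prerequisites of which, would spare the next reader from re-deriving it. `Device/Build/compile` starts outside the hunk.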
[PATCH ustream-ssl v2] ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
This fixes CVE-2011-1473 and CVE-2011-5094 by disabling renegotiation in TLSv1.2 and earlier for server context.
Signed-off-by: Martin Schiller
---
v2: - also handle wolfssl implementation.
---
ustream-openssl.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 6dae4ae..7a991e9 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -157,6 +157,12 @@ __ustream_ssl_context_new(bool server)
 SSL_CTX_set_options(c, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
 #endif
+#if defined(HAVE_WOLFSSL)
+ SSL_CTX_set_options(c, SSL_AD_NO_RENEGOTIATION);
+#else
+ SSL_CTX_set_options(c, SSL_OP_NO_RENEGOTIATION);
+#endif
+
 SSL_CTX_set_cipher_list(c, server_cipher_list);
 } else {
 SSL_CTX_set_cipher_list(c, client_cipher_list);
-- 2.20.1
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
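Review bot: In the `HAVE_WOLFSSL` branch, `SSL_AD_NO_RENEGOTIATION` follows the `SSL_AD_*` naming that the OpenSSL API uses for alert descriptions, not for `SSL_OP_*` option flags, so passing it to `SSL_CTX_set_options()` may set unrelated option bits instead of disabling renegotiation. Please confirm against the wolfSSL compatibility headers which flag, if any, has the intended effect, and whether wolfSSL accepts renegotiation at all in the configuration OpenWrt builds. In the `#else` branch, `SSL_OP_NO_RENEGOTIATION` is used unguarded although older OpenSSL releases do not define it, so `#ifdef SSL_OP_NO_RENEGOTIATION` around the call, with a comment that such builds stay exposed, would keep them compiling. A comment such as `/* server only: refuse client-initiated renegotiation (TLS <= 1.2) */` above the block would record why the option is set. `__ustream_ssl_context_new` begins and ends outside the hunk.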