diff --git a/config/rootfiles/common/aarch64/u-boot b/config/rootfiles/common/aarch64/u-boot index bef7b7986..ab22769e3 100644 --- a/config/rootfiles/common/aarch64/u-boot +++ b/config/rootfiles/common/aarch64/u-boot @@ -8,6 +8,8 @@ boot/uboot.env #usr/share/u-boot #usr/share/u-boot/nanopi_r2s usr/share/u-boot/nanopi_r2s/u-boot-rockchip.bin +#usr/share/u-boot/nanopi_r4s +usr/share/u-boot/nanopi_r4s/u-boot-rockchip.bin #usr/share/u-boot/rpi usr/share/u-boot/rpi/u-boot-rpi3.bin usr/share/u-boot/rpi/u-boot-rpi4.bin diff --git a/config/rootfiles/core/164/filelists/aarch64/u-boot b/config/rootfiles/core/164/filelists/aarch64/u-boot new file mode 120000 index 000000000..2a16bdbfe --- /dev/null +++ b/config/rootfiles/core/164/filelists/aarch64/u-boot @@ -0,0 +1 @@ +../../../../common/aarch64/u-boot \ No newline at end of file diff --git a/config/rootfiles/core/164/filelists/files b/config/rootfiles/core/164/filelists/files index cf47c16c4..e774b116b 100644 --- a/config/rootfiles/core/164/filelists/files +++ b/config/rootfiles/core/164/filelists/files @@ -1,5 +1,7 @@ etc/collectd.conf etc/rc.d/init.d/firewall +etc/rc.d/init.d/leds +etc/rc.d/init.d/partresize etc/rc.d/init.d/squid etc/suricata/suricata.yaml etc/sysctl.conf diff --git a/lfs/linux b/lfs/linux index dee79a933..2a7692b67 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,8 +24,8 @@ include Config -VER = 5.15.16 -ARM_PATCHES = 5.15-ipfire2 +VER = 5.15.17 +ARM_PATCHES = 5.15-ipfire3 THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -73,8 +73,8 @@ objects =$(DL_FILE) \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz -$(DL_FILE)_MD5 = be0a904c58655c74c0986ad62500bcca -arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 9cab549a71b19b07e0c5c103ccf3c321 +$(DL_FILE)_MD5 = 494b21b74acf5d32d7cb80497fbff429 +arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = f3161c7ae52eb60e76d64ae483fe1120 install : $(TARGET) 
@@ -110,7 +110,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) ln -svf linux-$(VER) $(DIR_SRC)/linux # Layer7-patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-layer7.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-layer7.patch # DVB Patches cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch diff --git a/lfs/u-boot b/lfs/u-boot index 4fd6289d9..b68cd6faf 100644 --- a/lfs/u-boot +++ b/lfs/u-boot @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2022 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -35,17 +35,21 @@ SUP_ARCH = armv6l aarch64 CFLAGS := $(patsubst -fstack-protector-strong,,$(CFLAGS)) +ATF_VER = 2.6 + ############################################################################### # Top-level Rules ############################################################################### -objects = $(DL_FILE) arm-trusted-firmware-2.5.tar.gz +objects = $(DL_FILE) arm-trusted-firmware-$(ATF_VER).tar.gz arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -arm-trusted-firmware-2.5.tar.gz = $(DL_FROM)/arm-trusted-firmware-2.5.tar.gz +arm-trusted-firmware-$(ATF_VER).tar.gz = $(DL_FROM)/arm-trusted-firmware-$(ATF_VER).tar.gz +arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz = $(DL_FROM)/arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz $(DL_FILE)_MD5 = 7afbe0ef070dc0e8e970c57a08e3f336 -arm-trusted-firmware-2.5.tar.gz_MD5 = a3c01d2a73d5171e3f1c0737ff5321d9 +arm-trusted-firmware-$(ATF_VER).tar.gz_MD5 = 2622f7077e30436b2310bea0232c7cec +arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz_MD5 = b81fc982c982f06c439043385a5ba8ea install : $(TARGET) 
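Review bot: The new `arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz` entry in `objects` of `lfs/u-boot` is a prebuilt firmware archive, and the only integrity check on it is the `_MD5` line added below, which does not resist deliberate collisions. A comment in the later recipe hunk says this firmware cannot be built here, so that digest is the only link between the file on `$(DL_FROM)` and what was reviewed. A stronger digest should be recorded beside it if the download machinery supports one (it lives in `Config`, outside this diff). The same applies to the two `_MD5` values updated in `lfs/linux`. A comment above `ATF_VER` along the lines of `# rk3399 BL31 is shipped prebuilt from ATF $(ATF_VER); built with <toolchain / build host placeholder>` would record the provenance.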
@@ -183,22 +187,37 @@ else cd $(DIR_APP) && make distclean # Nanopi R2S - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/u-boot/rockchip/generate-2-ethaddr.diff - cd $(DIR_APP) && rm -rf arm-trusted-firmware-2.5 - cd $(DIR_APP) && tar axf $(DIR_DL)/arm-trusted-firmware-2.5.tar.gz - cd $(DIR_APP)/arm-trusted-firmware-2.5 && make PLAT=rk3328 ARCH=aarch64 DEBUG=0 bl31 - cd $(DIR_APP) && cp arm-trusted-firmware-2.5/build/rk3328/release/bl31/bl31.elf bl31.elf - cd $(DIR_APP) && rm -rf arm-trusted-firmware-2.5 +# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/u-boot/rockchip/generate-2-ethaddr.diff + cd $(DIR_APP) && rm -rf arm-trusted-firmware-$(ATF_VER) + cd $(DIR_APP) && tar axf $(DIR_DL)/arm-trusted-firmware-$(ATF_VER).tar.gz + cd $(DIR_APP)/arm-trusted-firmware-$(ATF_VER) && make PLAT=rk3328 ARCH=aarch64 DEBUG=0 bl31 + cd $(DIR_APP) && cp arm-trusted-firmware-$(ATF_VER)/build/rk3328/release/bl31/bl31.elf bl31.elf + cd $(DIR_APP) && rm -rf arm-trusted-firmware-$(ATF_VER) -mkdir -pv /usr/share/u-boot/nanopi_r2s cd $(DIR_APP) && make CROSS_COMPILE="" nanopi-r2s-rk3328_config cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" Nanopi R2S - IPFire.org"!' .config cd $(DIR_APP) && sed -i -e 's!^CONFIG_BOOTCOMMAND=.*!CONFIG_BOOTCOMMAND="console=ttyS2,115200n8;run distro_bootcmd"!' .config - cd $(DIR_APP) && sed -i -e 's!^CONFIG_BAUDRATE=.*!CONFIG_BAUDRATE=115200"!' .config + cd $(DIR_APP) && sed -i -e 's!^CONFIG_BAUDRATE=.*!CONFIG_BAUDRATE=115200!' .config + cd $(DIR_APP) && sed -i -e 's!.*CONFIG_MISC_INIT_R.*!# CONFIG_MISC_INIT_R is not set!' 
.config cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)" cd $(DIR_APP) && install -v -m 644 u-boot-rockchip.bin \ /usr/share/u-boot/nanopi_r2s/u-boot-rockchip.bin cd $(DIR_APP) && make distclean + # Nanopi R4S + # arm trusted firmware for rk3399 cannot build without cortex m0 gcc crosscompiler + cd $(DIR_APP) && tar axf $(DIR_DL)/arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz + -mkdir -pv /usr/share/u-boot/nanopi_r4s + cd $(DIR_APP) && make CROSS_COMPILE="" nanopi-r4s-rk3399_config + cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" Nanopi R4S - IPFire.org"!' .config + cd $(DIR_APP) && sed -i -e 's!^CONFIG_BOOTCOMMAND=.*!CONFIG_BOOTCOMMAND="console=ttyS2,115200n8;run distro_bootcmd"!' .config + cd $(DIR_APP) && sed -i -e 's!^CONFIG_BAUDRATE=.*!CONFIG_BAUDRATE=115200!' .config +# cd $(DIR_APP) && sed -i -e 's!.*CONFIG_MISC_INIT_R.*!CONFIG_MISC_INIT_R=y!' .config + cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)" + cd $(DIR_APP) && install -v -m 644 u-boot-rockchip.bin \ + /usr/share/u-boot/nanopi_r4s/u-boot-rockchip.bin + cd $(DIR_APP) && make distclean + endif # create an empty 128 KB File for the u-boot env dd if=/dev/zero of=/boot/uboot.env bs=1K count=128 diff --git a/src/initscripts/system/leds b/src/initscripts/system/leds index 07147ce6c..d68426acf 100644 --- a/src/initscripts/system/leds +++ b/src/initscripts/system/leds @@ -121,11 +121,16 @@ case "${1}" in setup_netdev_trigger nanopi-r1:green:wan ${RED_DEV} tx rx setup_netdev_trigger nanopi-r1:green:lan ${GREEN_DEV} tx rx - # Nanopi R1 start + # Nanopi R2S start setup_heartbeat_trigger nanopi-r2s:red:sys setup_netdev_trigger nanopi-r2s:green:wan ${RED_DEV} tx rx setup_netdev_trigger nanopi-r2s:green:lan ${GREEN_DEV} tx rx + # Nanopi R4S start + setup_heartbeat_trigger nanopi-r4s:green:sys + setup_netdev_trigger nanopi-r4s:green:wan ${RED_DEV} tx rx + setup_netdev_trigger nanopi-r4s:green:lan ${GREEN_DEV} tx rx + exit 0 ;; 
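Review bot: Nothing between the Nanopi R2S and R4S sections removes the rk3328 `bl31.elf` that the R2S steps copy into `$(DIR_APP)`, and the R4S section never names the file it expects from the binary tarball. Whether the rk3399 image picks up the right BL31 therefore depends on the archive layout and on what `make distclean` deletes, neither of which is visible here. Adding `cd $(DIR_APP) && rm -f bl31.elf` just before the `tar axf $(DIR_DL)/arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz` line would make a wrong or empty archive show up as a missing `bl31.elf` rather than silently packaging the other SoC's secure monitor. The recipe belongs to a rule that starts and ends outside this hunk.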
@@ -166,6 +171,12 @@ case "${1}" in disable_led_trigger nanopi-r2s:green:wan disable_led_trigger nanopi-r2s:green:lan + # Nanopi R4S stop + disable_led_trigger nanopi-r4s:green:sys + enable_led nanopi-r4s:green:sys + disable_led_trigger nanopi-r4s:green:wan + disable_led_trigger nanopi-r4s:green:lan + exit 0 ;; diff --git a/src/initscripts/system/partresize b/src/initscripts/system/partresize index 2206ca451..b51f8af97 100644 --- a/src/initscripts/system/partresize +++ b/src/initscripts/system/partresize @@ -51,17 +51,29 @@ case "${1}" in scon="on" fi - # Install AP6112 wlan config on NanoPi R1 + mount /boot > /dev/null case "$(< /proc/device-tree/model )" in - "FriendlyElec NanoPi-R1") + "FriendlyElec NanoPi-R1" ) + # Install AP6112 wlan config on NanoPi R1 cp -f /lib/firmware/brcm/brcmfmac43430-sdio.AP6212.txt \ /lib/firmware/brcm/brcmfmac43430-sdio.txt cp -f /lib/firmware/brcm/brcmfmac43430a0-sdio.ONDA-V80_PLUS.txt \ /lib/firmware/brcm/brcmfmac43430a0-sdio.txt ;; + "FriendlyElec NanoPi R2*" ) + # Generate MAC address at first boot + SWMAC=`printf "%1x2:%02x:%02x:%02x:%02x" $[RANDOM%16] $[RANDOM%256] $[RANDOM%256] $[RANDOM%256] $[RANDOM%256]` + echo ethaddr=$SWMAC:00 >> /boot/uEnv.txt + echo eth1addr=$SWMAC:01 >> /boot/uEnv.txt + ;; + "FriendlyElec NanoPi R4S" ) + # Generate MAC address at first boot + SWMAC=`printf "%1x2:%02x:%02x:%02x:%02x" $[RANDOM%16] $[RANDOM%256] $[RANDOM%256] $[RANDOM%256] $[RANDOM%256]` + echo ethaddr=$SWMAC:00 >> /boot/uEnv.txt + echo eth1addr=$SWMAC:01 >> /boot/uEnv.txt + ;; esac 2>/dev/null - mount /boot > /dev/null if [ -e /boot/grub/grub.cfg ]; then # swtich permanent to serial console if it was selected on first boot if [ "${scon}" = "on" ]; then diff --git a/src/patches/linux/linux-5.15-layer7.patch b/src/patches/linux/linux-5.15.17-layer7.patch similarity index 95% rename from src/patches/linux/linux-5.15-layer7.patch rename to src/patches/linux/linux-5.15.17-layer7.patch index 80b6895a4..0dafa16c7 100644 
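Review bot: The new arm `"FriendlyElec NanoPi R2*" )` in `partresize` cannot match an R2S board, because a quoted `*` in a `case` pattern is a literal asterisk; the wildcard has to sit outside the quotes. Since the R2 and R4S arms are identical, one arm can cover both: `"FriendlyElec NanoPi R2"* | "FriendlyElec NanoPi R4S" )`. Separately, `$RANDOM` is a small non-cryptographic generator and may be seeded very similarly on the first boot of identical images, so two units could end up with the same address; reading the bytes from `/dev/urandom` would be safer. The `>>` append will also add duplicate `ethaddr`/`eth1addr` lines to `/boot/uEnv.txt` if the script ever runs a second time (whether it can is not visible here). The enclosing `case "${1}" in` block starts and ends outside the hunk.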
--- a/src/patches/linux/linux-5.15-layer7.patch +++ b/src/patches/linux/linux-5.15.17-layer7.patch @@ -1,22 +1,20 @@ -diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 841e2f0f5240..636e5abedb08 100644 ---- a/include/linux/skbuff.h -+++ b/include/linux/skbuff.h -@@ -768,6 +768,9 @@ struct sk_buff { - +diff -Naur a/include/linux/skbuff.h b/include/linux/skbuff.h +--- a/include/linux/skbuff.h 2022-01-27 10:05:44.000000000 +0000 ++++ b/include/linux/skbuff.h 2022-01-29 08:04:32.984637671 +0000 +@@ -772,6 +772,9 @@ #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) unsigned long _nfct; -+#endif + #endif +#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) + char layer7_flags[1]; - #endif ++#endif unsigned int len, data_len; -diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h -index cc663c68ddc4..55655f5ee4f2 100644 ---- a/include/net/netfilter/nf_conntrack.h -+++ b/include/net/netfilter/nf_conntrack.h -@@ -117,6 +117,23 @@ struct nf_conn { + __u16 mac_len, +diff -Naur a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h +--- a/include/net/netfilter/nf_conntrack.h 2022-01-27 10:05:44.000000000 +0000 ++++ b/include/net/netfilter/nf_conntrack.h 2022-01-29 08:04:32.984637671 +0000 +@@ -117,6 +117,23 @@ /* Extensions */ struct nf_ct_ext *ext; 
@@ -40,11 +38,9 @@ index cc663c68ddc4..55655f5ee4f2 100644 /* Storage reserved for other modules, must be the last member */ union nf_conntrack_proto proto; }; -diff --git a/include/uapi/linux/netfilter/xt_layer7.h b/include/uapi/linux/netfilter/xt_layer7.h -new file mode 100644 -index 000000000000..147cd6477858 ---- /dev/null -+++ b/include/uapi/linux/netfilter/xt_layer7.h +diff -Naur a/include/uapi/linux/netfilter/xt_layer7.h b/include/uapi/linux/netfilter/xt_layer7.h +--- a/include/uapi/linux/netfilter/xt_layer7.h 1970-01-01 00:00:00.000000000 +0000 ++++ b/include/uapi/linux/netfilter/xt_layer7.h 2022-01-29 08:04:32.984637671 +0000 @@ -0,0 +1,13 @@ +#ifndef _XT_LAYER7_H +#define _XT_LAYER7_H @@ -59,11 +55,10 @@ index 000000000000..147cd6477858 +}; + +#endif /* _XT_LAYER7_H */ -diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index 92a747896f80..0152bdbc338e 100644 ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -1389,6 +1389,26 @@ config NETFILTER_XT_MATCH_L2TP +diff -Naur a/net/netfilter/Kconfig b/net/netfilter/Kconfig +--- a/net/netfilter/Kconfig 2022-01-27 10:05:44.000000000 +0000 ++++ b/net/netfilter/Kconfig 2022-01-29 08:04:32.988637605 +0000 +@@ -1389,6 +1389,26 @@ To compile it as a module, choose M here. If unsure, say N. 
@@ -90,11 +85,10 @@ index 92a747896f80..0152bdbc338e 100644 config NETFILTER_XT_MATCH_LENGTH tristate '"length" match support' depends on NETFILTER_ADVANCED -diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index aab20e575ecd..0dfd2c3df9e1 100644 ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -201,6 +201,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_RECENT) += xt_recent.o +diff -Naur a/net/netfilter/Makefile b/net/netfilter/Makefile +--- a/net/netfilter/Makefile 2022-01-27 10:05:44.000000000 +0000 ++++ b/net/netfilter/Makefile 2022-01-29 08:04:32.988637605 +0000 +@@ -201,6 +201,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_SCTP) += xt_sctp.o obj-$(CONFIG_NETFILTER_XT_MATCH_SOCKET) += xt_socket.o obj-$(CONFIG_NETFILTER_XT_MATCH_STATE) += xt_state.o @@ -102,11 +96,10 @@ index aab20e575ecd..0dfd2c3df9e1 100644 obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTIC) += xt_statistic.o obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o -diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 770a63103c7a..5951aedc010a 100644 ---- a/net/netfilter/nf_conntrack_core.c -+++ b/net/netfilter/nf_conntrack_core.c -@@ -636,6 +636,11 @@ destroy_conntrack(struct nf_conntrack *nfct) +diff -Naur a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +--- a/net/netfilter/nf_conntrack_core.c 2022-01-27 10:05:44.000000000 +0000 ++++ b/net/netfilter/nf_conntrack_core.c 2022-01-29 08:04:32.992637539 +0000 +@@ -636,6 +636,11 @@ */ nf_ct_remove_expectations(ct); 
@@ -118,11 +111,10 @@ index 770a63103c7a..5951aedc010a 100644 nf_ct_del_from_dying_or_unconfirmed_list(ct); local_bh_enable(); -diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c -index 80f675d884b2..3e7c0a85bdcf 100644 ---- a/net/netfilter/nf_conntrack_standalone.c -+++ b/net/netfilter/nf_conntrack_standalone.c -@@ -370,6 +370,11 @@ static int ct_seq_show(struct seq_file *s, void *v) +diff -Naur a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c +--- a/net/netfilter/nf_conntrack_standalone.c 2022-01-27 10:05:44.000000000 +0000 ++++ b/net/netfilter/nf_conntrack_standalone.c 2022-01-29 08:04:32.992637539 +0000 +@@ -370,6 +370,11 @@ ct_show_zone(s, ct, NF_CT_DEFAULT_ZONE_DIR); ct_show_delta_time(s, ct); @@ -134,11 +126,9 @@ index 80f675d884b2..3e7c0a85bdcf 100644 seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use)); if (seq_has_overflowed(s)) -diff --git a/net/netfilter/regexp/regexp.c b/net/netfilter/regexp/regexp.c -new file mode 100644 -index 000000000000..900698886531 ---- /dev/null -+++ b/net/netfilter/regexp/regexp.c +diff -Naur a/net/netfilter/regexp/regexp.c b/net/netfilter/regexp/regexp.c +--- a/net/netfilter/regexp/regexp.c 1970-01-01 00:00:00.000000000 +0000 ++++ b/net/netfilter/regexp/regexp.c 2022-01-29 08:04:32.992637539 +0000 @@ -0,0 +1,1197 @@ +/* + * regcomp and regexec -- regsub and regerror are elsewhere @@ -1337,11 +1327,9 @@ index 000000000000..900698886531 +#endif + + -diff --git a/net/netfilter/regexp/regexp.h b/net/netfilter/regexp/regexp.h -new file mode 100644 -index 000000000000..a72eba71fb61 ---- /dev/null -+++ b/net/netfilter/regexp/regexp.h +diff -Naur a/net/netfilter/regexp/regexp.h b/net/netfilter/regexp/regexp.h +--- a/net/netfilter/regexp/regexp.h 1970-01-01 00:00:00.000000000 +0000 ++++ b/net/netfilter/regexp/regexp.h 2022-01-29 08:04:32.992637539 +0000 @@ -0,0 +1,41 @@ +/* + * Definitions etc. for regexp(3) routines. 
@@ -1384,22 +1372,18 @@ index 000000000000..a72eba71fb61 +void regerror(char *s); + +#endif -diff --git a/net/netfilter/regexp/regmagic.h b/net/netfilter/regexp/regmagic.h -new file mode 100644 -index 000000000000..5acf4478ff71 ---- /dev/null -+++ b/net/netfilter/regexp/regmagic.h +diff -Naur a/net/netfilter/regexp/regmagic.h b/net/netfilter/regexp/regmagic.h +--- a/net/netfilter/regexp/regmagic.h 1970-01-01 00:00:00.000000000 +0000 ++++ b/net/netfilter/regexp/regmagic.h 2022-01-29 08:04:32.992637539 +0000 @@ -0,0 +1,5 @@ +/* + * The first byte of the regexp internal "program" is actually this magic + * number; the start node begins in the second byte. + */ +#define MAGIC 0234 -diff --git a/net/netfilter/regexp/regsub.c b/net/netfilter/regexp/regsub.c -new file mode 100644 -index 000000000000..339631f06f00 ---- /dev/null -+++ b/net/netfilter/regexp/regsub.c +diff -Naur a/net/netfilter/regexp/regsub.c b/net/netfilter/regexp/regsub.c +--- a/net/netfilter/regexp/regsub.c 1970-01-01 00:00:00.000000000 +0000 ++++ b/net/netfilter/regexp/regsub.c 2022-01-29 08:04:32.992637539 +0000 @@ -0,0 +1,95 @@ +/* + * regsub @@ -1496,11 +1480,9 @@ index 000000000000..339631f06f00 + } + *dst++ = '\0'; +} -diff --git a/net/netfilter/xt_layer7.c b/net/netfilter/xt_layer7.c -new file mode 100644 -index 000000000000..a7eb760123bf ---- /dev/null -+++ b/net/netfilter/xt_layer7.c +diff -Naur a/net/netfilter/xt_layer7.c b/net/netfilter/xt_layer7.c +--- a/net/netfilter/xt_layer7.c 1970-01-01 00:00:00.000000000 +0000 ++++ b/net/netfilter/xt_layer7.c 2022-01-29 08:04:32.992637539 +0000 @@ -0,0 +1,666 @@ +/* + Kernel module to match application layer (OSI layer 7) data in connections.