OpenWrt Forum Archive

Topic: Update on Linksys WRT1900AC support

The content of this topic has been archived between 16 Sep 2014 and 7 May 2018. Unfortunately there are posts – most likely complete pages – missing.

@sera, please help:-)

SHELL= flock /home/gs/openwrt/tmp/.root-copy.flock -c 'cp -fpR /home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/root-mvebu/tmp-kmod-ipt-core/. /home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/root-mvebu/'
rm -rf /home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/root-mvebu/tmp-kmod-ipt-core
touch /home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/root-mvebu/stamp/.kmod-ipt-core_installed
if [ -f /home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/pkginfo/linux.default.install.clean ]; then rm -f /home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/pkginfo/linux.default.install /home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/pkginfo/linux.default.install.clean; fi; echo "kmod-ipt-core" >> /home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/pkginfo/linux.default.install
ERROR: module '/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/linux-4.9/net/netfilter/xt_physdev.ko' is missing.
modules/netfilter.mk:1034: recipe for target '/home/gs/openwrt/bin/mvebu/packages/kernel/kmod-ipt-extra_4.9-1_mvebu.ipk' failed
make[3]: *** [/home/gs/openwrt/bin/mvebu/packages/kernel/kmod-ipt-extra_4.9-1_mvebu.ipk] Error 1
make[3]: Leaving directory '/home/gs/openwrt/package/kernel/linux'
package/Makefile:196: recipe for target 'package/kernel/linux/compile' failed
make[2]: *** [package/kernel/linux/compile] Error 2
make[2]: Leaving directory '/home/gs/openwrt'
package/Makefile:193: recipe for target '/home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/stamp/.package_compile' failed
make[1]: *** [/home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/gs/openwrt'
/home/gs/openwrt/include/toplevel.mk:192: recipe for target 'world' failed
make: *** [world] Error 2

@gsustek

It compiled just fine here a couple of hours ago.

nitroshift

@gsustek

At a glance this looks like you disabled bridge support in your kernel config somehow and so the module won't be built. As I made such errors fatal for netfilter.mk it's now visible. Will look into a fix. Thanks for the report.

sera wrote:

@gsustek

At a glance this looks like you disabled bridge support in your kernel config somehow and so the module won't be built. As I made such errors fatal for netfilter.mk it's now visible. Will look into a fix. Thanks for the report.


"disabled bridge support "  i didn't touch it:-) just my heavily .config file:-)

gsustek wrote:
sera wrote:

@gsustek

At a glance this looks like you disabled bridge support in your kernel config somehow and so the module won't be built. As I made such errors fatal for netfilter.mk it's now visible. Will look into a fix. Thanks for the report.


"disabled bridge support "  i didn't touch it:-) just my heavily .config file:-)

Kmod-ipt-extra actually depends on the dependency check being broken for include/netfilter.mk and just happens to only properly work if you enabled kmod-ebtables as well. Not your mistake.

A patch for it is at: https://gist.github.com/anonymous/d3ce4 … 6bf7f13f75

Another error :

rm -f /home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/.configured_*
touch /home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/.configured_yyyyyyyy
make -C /home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8 PATH="/home/gs/openwrt/staging_dir/toolchain-arm_cortex-a9+vfpv3_gcc-5.3.0_musl-1.1.15_eabi/bin:/home/gs/openwrt/staging_dir/toolchain-arm_cortex-a9+vfpv3_gcc-5.3.0_musl-1.1.15_eabi/bin:/home/gs/openwrt/staging_dir/host/bin:/home/gs/openwrt/staging_dir/toolchain-arm_cortex-a9+vfpv3_gcc-5.3.0_musl-1.1.15_eabi/bin:/home/gs/openwrt/staging_dir/host/bin:/home/gs/openwrt/staging_dir/host/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin" ARCH="arm" CROSS_COMPILE="arm-openwrt-linux-muslgnueabi-" TOOLPREFIX="arm-openwrt-linux-muslgnueabi-" TOOLPATH="arm-openwrt-linux-muslgnueabi-" KERNEL_DIR="/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/linux-4.9" LDOPTS=" " DOMULTI=1
make[4]: Entering directory '/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8'
make -C /home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/linux-4.9 SUBDIRS=`pwd` ARCH=arm CROSS_COMPILE=arm-openwrt-linux-muslgnueabi- modules
make[5]: Entering directory '/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/linux-4.9'
  CC [M]  /home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/ioctl.o
  CC [M]  /home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/main.o
  CC [M]  /home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/cryptlib.o
/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/cryptlib.c: In function 'cryptodev_cipher_init':
/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/cryptlib.c:138:18: error: implicit declaration of function 'crypto_alloc_ablkcipher' [-Werror=implicit-function-declaration]
   out->async.s = crypto_alloc_ablkcipher(alg_name, 0, 0);
                  ^
/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/cryptlib.c:138:16: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
   out->async.s = crypto_alloc_ablkcipher(alg_name, 0, 0);
                ^
cc1: some warnings being treated as errors
scripts/Makefile.build:293: recipe for target '/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/cryptlib.o' failed
make[6]: *** [/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/cryptlib.o] Error 1
Makefile:1490: recipe for target '_module_/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8' failed
make[5]: *** [_module_/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8] Error 2
make[5]: Leaving directory '/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/linux-4.9'
Makefile:25: recipe for target 'build' failed
make[4]: *** [build] Error 2
make[4]: Leaving directory '/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8'
Makefile:75: recipe for target '/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/.built' failed
make[3]: *** [/home/gs/openwrt/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/cryptodev-linux-1.8/.built] Error 2
make[3]: Leaving directory '/home/gs/openwrt/feeds/packages/utils/cryptodev-linux'
package/Makefile:196: recipe for target 'package/feeds/packages/cryptodev-linux/compile' failed
make[2]: *** [package/feeds/packages/cryptodev-linux/compile] Error 2
make[2]: Leaving directory '/home/gs/openwrt'
package/Makefile:193: recipe for target '/home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/stamp/.package_compile' failed
make[1]: *** [/home/gs/openwrt/staging_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/gs/openwrt'
/home/gs/openwrt/include/toplevel.mk:192: recipe for target 'world' failed
make: *** [world] Error 2

@gsustek, ran into the same problem as you. Not sure why @nitroshift, @sera did not, unless they have relaxed treating warnings as errors.

I took a slightly different tack. I modified the feeds/packages/utils/cryptodev-linux/Makefile to work ala the mwlwifi Makefile.

PKG_SOURCE_URL:=http:github.com/cryptodev-linux/cryptodev-linux
PKG_SOURCE_PROTO:=git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=2dbbb2313f7c1d9465f4867c7d02851730154db8
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz

The cryptodev-linux github would not provide a feed without a password unfortunately, so I just did a git clone, created a compressed tar and stuffed the tar into my dl/ directory. Compiled, flashed and running with no issues. muchas gracias @sera.

Villeneuve,

cryptodev-linux only broke with 4.9-rc2, see "git tag --contains 9beae1ea89305a9667ceaab6d0bf46a045ad71e7" and isn't part of base, so it's not covered per se. Looking at the openssl tracker doesn't want me to make use cryptodev. openssl-1.1 fixes much of the hardware crypto support as far as I can see but that one breaks current openssh and other important services like squid. Guess it's still half a year before I get into that hardware crypto stuff again.

Anyway, what I wanted to say is if something isn't part of base I might just miss it. But then I have to leave some stuff to shine to others as well wink. Always feel free to ask for help if there is an issue though.

@villeneuve thnx, i did the same thing:-) this or the patch:-)

@sera thnx for the findings. I poked the maintainer.

how can i run initramfs image? can you please describe me, sould i use tftpdboot u-boot command and from what address should i go?

How,and why should i use ubi image?

I experience some NAND issues(i think, it's a loong shot ) during boot, so i want it to boot from memory. So i need to bootup initmarfs, i also want to have full config in initramfs...should i use files/ to build customized initramfs image?

Regards.

(Last edited by gsustek on 16 Dec 2016, 16:04)

gsustek,

the initramfs is part of the kernel, the uimage. It's a minimal static busybox and an init script. That's all. It's used always to mounts root and then hands off to the init in the rootfs. See target/linux/mvebu/image/init.in.

The script could easily be changed to mount root from an usb stick for example to sidestep the nand issue you have. We have the same device and I haven't seen any nand related issues so far, mind pasting a full boot log somewhere?

The ubi images unlike the squshfs weren't broken before 4.9, which is why I added them. They don't overlay the rootfs and so have a bit better performance and a bit worse compression. You can't reset by just clearing the overlay but instead can uninstall packages which were part of the initial image like any other regular read-write filesystem.

@sera, thnx for explanation.

here is the full log, it always stops there, after two-three reboots, even for default image(without custom config applyed)
http://pastebin.com/S6tjF8mX

i only have ths when i connect ESATA HDD (separate power suply), and two cameras Logitech C270 one on USB3 port, and one on USB2 port(i use splitter from ebay)
i also do some measurements and during startup there is max drain of 1A with that setup.

p.s.  openwrt + swrt- doesn't have this issue, i try'it few hours ago...
my old backup config does'nt work because of ent0 ent1 part, you change something in 4.9, some networking package, or DT labeling is different... is there a quick fix? or i should do that setup drom scratch?

yep there isn't swconfig in your setup anymore:-)

That paste is missing the error but if you don't see it with openwrt then it's maybe an issue with one of the nand patches in lede.

Yes, it's currently setup to use dsa for evaluation purpose. If it's not clear how to work with dsa ask questions so I'd know what to document.

gsustek wrote:

my old backup config does'nt work because of ent0 ent1 part, you change something in 4.9, some networking package, or DT labeling is different... is there a quick fix? or i should do that setup drom scratch?

yep there isn't swconfig in your setup anymore:-)

My advice is ditch the old config and start from scratch.  wink  I went thru this as well on 4.8.  Once you have a new working config you can save that for later builds.

@cybrnook2002

Share how you built openvpn with hardware accel?

qos vs sqm people have said sqm is better (I use it [with cake] and i agree)

How do you use adblock? I checked all and I still find ads while when i use => https://gist.github.com/teffalump/7227752  and this seems to adblock as many ads as i've ever tried

@cybrnook2002

It's great that you're wanting to give back.  In reality an unsupported build isn't very useful, in that everyone is going to want to tweak it and will have zero options to do that if it involves kernel adds (and risky forced installs if not).

You could post your diff config and any patches on gist or github and anyone can then clone the LEDE or OpenWRT repo and easily customize (or just build) from there.

Sounds good, I will work on that instead.

lifehacksback wrote:

How do you use adblock? I checked all and I still find ads while when i use => https://gist.github.com/teffalump/7227752  and this seems to adblock as many ads as i've ever tried

There's no way, at least that I know of, to block 100% of adverts, regardless of platform or program.  AdBlock will block a substantial number of them, but 25%+ will still come through.  Adverts are blocked via urls, so if ads are coming through, those specific advert FQDNs are not on the block list.  It gets even more complex as many legitimate companies are using legitimate advert tracking links to funnel their legitimate traffic to their sites, not to sell user data but for internal analytics and user load.

  • For example, many financial institutions or private label retailers utilize advert tracking urls to analyze traffic within account emails, emails that contain account info or emails that contain unique links specific to that customer

    • For example, a Discover Card email for an account holder where they're offering an additional 5% cashback on specific purchases, where a link needs to be clicked to activate that benefit, but requires no login; PayPal has similar links to enable free shipping on a returned purchases, etc.

With that being said, IIRC (due to a performance hit), you shouldn't enable all adblock sources, and some sources, such as mvps, will result in the inability to utilize certain features of google and other search engines.  This shouldn't be a deterrent, simply something one should be aware of so they know why links are being blocked if the click on something.

  • I use the mvps hosts file on my PC, but not on the router, as there are certain times it's more convenient to be able to momentarily disable mvps if I use Google's shopping tab to find an item. Once done, mvps is re-enabled, all via a cmd script.


/etc/config/adblock

# ---  OpenWrt DD AdBlock  --- #

    # See: https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md


config adblock 'global'
    option  adb_enabled         1
    option  adb_cfgver          2.5
    option  adb_blacklist       '/etc/adblock/adblock.blacklist'
    option  adb_whitelist       '/etc/adblock/adblock.whitelist'
    option  adb_whitelist_rset  '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\"^\"\$1\"\\\|[.]\"\$1)}'
    option  adb_forcedns        1

config service 'backup'
    option  enabled             1
    option  adb_backupdir       '/mnt/sda2/backups/adblock'

config source 'adaway'
    option  enabled             1
    option  adb_src             'https://adaway.org/hosts.txt'
    option  adb_src_rset        '\$0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$2)}'
    option  adb_srcdesc         'Focuses on mobile ads; Infrequent updates; Approx. 400 entries'

config source 'blacklist'
    option  enabled             1
    option  adb_src             '/etc/adblock/adblock.blacklist'
    option  adb_src_rset        '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Static local blacklist'

config source 'disconnect'
    option  enabled             1
    option  adb_src             'https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt'
    option  adb_src_rset        '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Mozilla driven blocklist; Daily updates; Approx. 6.500 entries'

config source 'dshield'
    option  enabled             0
    option  adb_src             'http://www.dshield.org/feeds/suspiciousdomains_Low.txt'
    option  adb_src_rset        '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Broad blocklist for suspicious domains; Daily updates; Approx. 4.500 entries'

config source 'feodo'
    option  enabled             0
    option  adb_src             'https://feodotracker.abuse.ch/blocklist/?download=domainblocklist'
    option  adb_src_rset        '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Focuses on Feodo botnet domains; Daily updates, Approx. 0-10 entries'

config source 'malware'
    option  enabled             1
    option  adb_src             'https://mirror.cedia.org.ec/malwaredomains/justdomains'
    option  adb_src_rset        '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Broad malware domain blocklist; Daily updates, Approx. 16.000 entries'

config source 'malwarelist'
    option  enabled             1
    option  adb_src             'http://www.malwaredomainlist.com/hostslist/hosts.txt'
    option  adb_src_rset        '\$0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$2)}'
    option  adb_src_desc        'Generic malware domains blocklist; Daily updates, Approx. 1.500 entries'

config source 'openphish'
    option  enabled             1
    option  adb_src             'https://openphish.com/feed.txt'
    option  adb_src_rset        '{FS=\"/\"} \$3 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$3)}'
    option  adb_src_desc        'Focuses on phishing domains, Daily updates, Approx. 1.800 entries'

config source 'palevo'
    option  enabled             0
    option  adb_src             'https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist'
    option  adb_src_rset        '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Focuses on Palevo worm domains; Daily updates; Approx. 15 entries'

config source 'ransomware'
    option  enabled             1
    option  adb_src             'https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt'
    option  adb_src_rset        '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Focuses on ransomware domains; Daily updates; Approx. 130 entries'

config source 'rolist'
    option  enabled             0
    option  adb_src             'https://easylist-downloads.adblockplus.org/rolist+easylist.txt'
    option  adb_src_rset        '{FS=\"[|^]\"} \$0 ~/^\|\|([A-Za-z0-9_-]+\.){1,}[A-Za-z]+\^$/{print tolower(\$3)}'
    option  adb_src_desc        'Focuses on Romanian advert domains and generic easylist additions; Weekly updates; Approx. 600 entries'

config source 'ruadlist'
    option  enabled             0
    option  adb_src             'https://easylist-downloads.adblockplus.org/ruadlist+easylist.txt'
    option  adb_src_rset        '{FS=\"[|^]\"} \$0 ~/^\|\|([A-Za-z0-9_-]+\.){1,}[A-Za-z]+\^$/{print tolower(\$3)}'
    option  adb_src_desc        'Focuses on Russian advert domains and generic easylist additions; Weekly updates; Approx. 2.000 entries'

config source 'securemecca'
    option  enabled             1
    option  adb_src             'http://securemecca.com/Downloads/hosts.txt'
    option  adb_src_rset        '\$0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$2)}'
    option  adb_src_desc        Broad blocklist; Infrequent updates; Approx. 25.000 entries'


config source 'shalla'
    option  enabled             1
    option  adb_src             'http://www.shallalist.de/Downloads/shallalist.tar.gz'
    option  adb_src_rset        '{FS=\"/\"} \$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Broad blocklist subdivided in different categories (Default enabled: Adv, Costtraps, Spyware, Tracker and Warez); Daily updates; Approx. 32.000 entries'
    list    adb_src_cat         'adv'
    list    adb_src_cat         'costtraps'
    list    adb_src_cat         'spyware'
    list    adb_src_cat         'tracker'
    list    adb_src_cat         'warez'

config source 'spam404'
    option  enabled             0
    option  adb_src             'https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt'
    option  adb_src_rset        '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Generic blocklist for suspicious domains; Infrequent updates; Approx. 5.000 entries'

config source 'sysctl'
    option  enabled             0
    option  adb_src             'http://sysctl.org/cameleon/hosts'
    option  adb_src_rset        '\$0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$2)}'
    option  adb_src_desc        'Generic blocklist for ad related domains; Weekly updates; Approx. 21.000 entries'

config source 'whocares'
    option  enabled             0
    option  adb_src             'http://someonewhocares.org/hosts/hosts'
    option  adb_src_rset        '\$0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$2)}'
    option  adb_src_desc        'Broad blocklist for suspicious domains; Weekly updates; Approx. 12.000 entries'

config source 'winspy'
    option  enabled             0
    option  adb_src             'https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt'
    option  adb_src_rset        '\$0 ~/^0\.0\.0\.0[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$2)}'
    option  adb_src_desc        'Focuses on Windows spy & telemetry domains; infrequent updates; Approx. 120 entries'

config source 'winhelp'
    option  enabled             1
    option  adb_src             'http://winhelp2002.mvps.org/hosts.txt'
    option  adb_src_rset        '\$0 ~/^0\.0\.0\.0[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$2)}'
    option  adb_src_desc        'Broad blocklist for suspicious domains; Infrequent updates, Approx. 15.000 entries'

config source 'yoyo'
    option  enabled             0
    option  adb_src             'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext'
    option  adb_src_rset        '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Focuses on advert related domains; Weekly updates; Approx. 2.500 entries'

config source 'zeus'
    option  enabled             0
    option  adb_src             'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist'
    option  adb_src_rset        '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$1)}'
    option  adb_src_desc        'Focuses on Zeus botnet domains; Daily updates; Approx. 440 entries'

(Last edited by JW0914 on 17 Dec 2016, 19:18)

lifehacksback wrote:

@cybrnook2002

Share how you built openvpn with hardware accel?

qos vs sqm people have said sqm is better (I use it [with cake] and i agree)

How do you use adblock? I checked all and I still find ads while when i use => https://gist.github.com/teffalump/7227752  and this seems to adblock as many ads as i've ever tried

I have enabled the appropriate flags within openssl library, and selected the appropriate crypto options within the kernel.
There is a diffconfig in the 2535 folder, so you can see what I have enabled.
https://www.dropbox.com/sh/2a7hkorqir0c … Si_2a?dl=0

And for adblocking, I simply incorporated the appropriate packages to install ablock, plus the luci front end for it:
https://github.com/openwrt/packages/blo … /README.md

works a treat:

http://img.techpowerup.org/161217/adblock054.png

(Last edited by cybrnook2002 on 17 Dec 2016, 21:57)

cybrnook2002 wrote:
lifehacksback wrote:

@cybrnook2002

Share how you built openvpn with hardware accel?

qos vs sqm people have said sqm is better (I use it [with cake] and i agree)

How do you use adblock? I checked all and I still find ads while when i use => https://gist.github.com/teffalump/7227752  and this seems to adblock as many ads as i've ever tried

I have enabled the appropriate flags within openssl library, and selected the appropriate crypto options within the kernel.
There is a diffconfig in the 2535 folder, so you can see what I have enabled.
https://www.dropbox.com/sh/2a7hkorqir0c … Si_2a?dl=0

And for adblocking, I simply incorporated the appropriate packages to install ablock, plus the luci front end for it:
https://github.com/openwrt/packages/blo … /README.md

works a treat:

http://img.techpowerup.org/161217/adblock054.png

@cybrnook2002, I checked your diffconfig file, however, you don't seem to have the following in your config file:
CONFIG_PACKAGE_libgnutls=y
CONFIG_GNUTLS_CRYPTODEV=y
CONFIG_GNUTLS_*=y (the * implies the rest of the configurations being set when libgnutls is enabled through menuconfig)

Now, according to the OpenWRT wiki, you are missing the part marked in bold (attached below):

Adding /dev/crypto support to crypto libraries

Libraries → SSL

    libopenssl: m
        Crypto acceleration support: y
    libgnutls: m
        enable /dev/crypto support: y

Further, I found the following on the github page of cryptodev-linux:

=== How to combine with cryptographic libraries ===

* GnuTLS:

GnuTLS needs to be compiled with --enable-cryptodev in order to take
advantage of /dev/crypto
. GnuTLS 3.0.14 or later is recommended.

In addition, according to the Wikipedia page on GnuTLS, GnuTLS provides for:

... a free software implementation of the TLS, SSL and DTLS protocols.
....
CPU assisted cryptography and cryptographic accelerator support (/dev/crypto), VIA PadLock and AES-NI instruction sets

To make an educated guess, I believe hardware crypto is not engaged without the inclusion of what's been attached above.

Best,
Alexandros

(Last edited by alexandrosio on 18 Dec 2016, 07:27)

alexandrosio wrote:

@cybrnook2002, I checked your diffconfig file, however, you don't seem to have the following in your config file:
CONFIG_PACKAGE_libgnutls=y
CONFIG_GNUTLS_CRYPTODEV=y
CONFIG_GNUTLS_*=y (the * implies the rest of the configurations being set when libgnutls is enabled through menuconfig)

Now, according to the OpenWRT wiki, you are missing the part marked in bold (attached below):

Adding /dev/crypto support to crypto libraries

Libraries → SSL

    libopenssl: m
        Crypto acceleration support: y
    libgnutls: m
        enable /dev/crypto support: y

Further, I found the following on the github page of cryptodev-linux:

=== How to combine with cryptographic libraries ===

* GnuTLS:

GnuTLS needs to be compiled with --enable-cryptodev in order to take
advantage of /dev/crypto
. GnuTLS 3.0.14 or later is recommended.


To make an educated guess, I believe hardware crypto is not engaged without the inclusion of what's been attached above.

Best,
Alexandros

Thanks for the advice, I am compiling against 2540 now and will have it uploaded shortly. If you would be so kind, take a look (in about 30 min or so..)

I enabled libgnutls, and along with what was enabled by default, I also enabled the cryptodev support. However, I did not give it the * approach, only the minimum of what should be needed out of the box.

let me know....

Nice find btw. Originally my main focus was within the openssl lib, enabling crypto support.

EDIT: Looks good to me :-) (but is similar to what I saw before when enabling only within libopenssl)
http://img.techpowerup.org/161218/openssl-results.png

(Last edited by cybrnook2002 on 18 Dec 2016, 08:14)

@cybrnook2002, I don't know if the openssl speed test can capture the real world improvement since it is not an extensive benchmark, however, after compiling a build with CONFIG_PACKAGE_libgnutls=y and CONFIG_GNUTLS_CRYPTODEV=y enabled, the speed I get from my vpn provider has increased from 30 mbps to about 50 mbps; I've downloaded some ubuntu images for testing purposes, and, I've reached 5-7 MB/s, whereas, my previous build would max out at 2.5 MB/s smile

Hi
Someone knows which cortex a9 cpus marvell used? (revision)
I digged a bit through kernel menuconfig and found some arm cortexa9 errata fixes.
One for rev r2p0 was checked  and can't be unchecked. (supposedly 720789)
Isn't r2p0 quite old? And what about the other cortex-a9 errata fixes?

In linksys's kernel config they used two errata fixes:
CONFIG_PJ4B_ERRATA_4742=y
CONFIG_ARM_ERRATA_720789=y

When i open my generated .config file in my build dir and search for errata.
I get the following:
CONFIG_ARM_ERRATA_643719=y

The pj4b errata fix can't be found.

But in kernel menuconfig errata 720789 is checked.
Why is that? Did i open the wrong .config file?
//Nevermind
I think i found the right one doh

(Last edited by shm0 on 18 Dec 2016, 12:50)

shm0 wrote:

Hi
Someone knows which cortex a9 cpus marvell used? (revision)
I digged a bit through kernel menuconfig and found some arm cortexa9 errata fixes.
One for rev r2p0 was checked  and can't be unchecked. (supposedly 720789)
Isn't r2p0 quite old? And what about the other cortex-a9 errata fixes?

In linksys's kernel config they used two errata fixes:
CONFIG_PJ4B_ERRATA_4742=y
CONFIG_ARM_ERRATA_720789=y

When i open my generated .config file in my build dir and search for errata.
I get the following:
CONFIG_ARM_ERRATA_643719=y

The pj4b errata fix can't be found.

But in kernel menuconfig errata 720789 is checked.
Why is that? Did i open the wrong .config file?
//Nevermind
I think i found the right one doh

What improvement you get by doing this?
Anyway anyone knows which "tweaks" i need to check in the menuconfig of lede? How to improve wireless speed?
And how to enable safe energy feature? (like standby)

errata are errors in the cpu microcode.
Some of them can be fixed through software workarounds.
Like the ones in the kernel config.

Im trying to find a history about the cortex a9 revisions,
On the arm website i found revisions up to r3p0.
But nvidia tegra 4 uses revision r4p1. And that was in 2013.
The errata fix in menuconfig is for revision p2r0 and below. So even older?
I don't think marvell used that old cortex a9 cpus or?

And errata fix 764369:
... affecting Cortex-A9 MPCore with two or more processors (all                                                                         
current revisions)....

Im clueless here... i tried to get the revision through /proc/cpuinfo but that returns only a hex string :-/

I also found this interesting thread:
https://patchwork.ozlabs.org/patch/134388/

AFAIK, 720789 (TLBIASIDIS and TLBIMVAIS operations can broadcast a faulty
ASID) is fixed in userspace (or gcc) nowadays (at least in Ubuntu) so I think
this can be neglected.

all I found in the haste is
https://bugs.launchpad.net/ubuntu/+sour … bug/739374

I think in the end gcc was patched not emit get/set_tls syscalls but to use
MCR/MRC cp15 ops (sorry, I don't know what this means - just copied from irc
log). This meant that the whole userspace needed recompilation. It is possible
that all newer gcc behave like this. As far as I understood, enabling the
erratum in the kernel with fixed userspace will make the problem reapear.
Someone with more knowledge may correct me.

And what about the p310 errata?
Some users report bad i/o perfomance

There is this errata fix

On revisions of the PL310 prior to r3p2, the Store Buffer does
not automatically drain. This can cause normal, non-cacheable
writes to be retained when the memory system is idle, leading │  
to suboptimal I/O performance for drivers using coherent DMA.  

?

(Last edited by shm0 on 18 Dec 2016, 21:53)

Sorry, posts 13901 to 13900 are missing from our archive.