5742

If you look the thread history, you can find that someone shared 5.15 builds in GitHub,
I have a private build shared, and has two version : one with firewall3 and one with firewall4.
If you wanna you can download and try at your own risk.

5743

got this error when compiling from latest master with firewall4

Collected errors:
 * pkg_hash_check_unresolved: cannot find dependency libucode20210730 for ucode
 * pkg_hash_fetch_best_installation_candidate: Packages for ucode found, but incompatible with the architectures configured
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for firewall4:
 *      libucode20210730
 * opkg_install_cmd: Cannot install package firewall4.

was working fine before @robimarko

5744

Can you share the full log, though this is probably upstream issue.
I can tell you it worked just fine yesterday

5745

weird, I just triggered rebuilt and it worked... sorry!

5746

Hi, thanks a lot at @robimarko for his work
i have the same issue like @edrikk
with the internet in wlan...
it is fixed with his script... (many thanks)
but know anybody a better solution to fix...
(work with kernel 5.15.19)

i use multible vlan and for the DHCP i use an other OpenWRT Router

5747

If you're referring to fw4 issue of LAN clients being able to access WAN despite firewall rule blocking them, that issue appears to have been fixed this morning. You will either have to cherry-pick the commit from the upstream openwrt, or manually update the file in your local repo based on the commit, and recompile.

5748

i use this router only as an Accespoint
so i use alle Ports for vLans

for DHCP i use an other one (Netgear)

but if i connect by Wifi i become no Internet/DHCP
so i use your Script and it works...

i use this .config to create with robimarkos (ipq807x-5.15) yesterday

          echo 'CONFIG_TARGET_ipq807x=y' > .config
          echo 'CONFIG_TARGET_ipq807x_generic=y' >> .config
          echo 'CONFIG_TARGET_ipq807x_generic_DEVICE_xiaomi_ax3600=y' >> .config
          echo 'CONFIG_HAS_SUBTARGETS=y' >> .config
          echo 'CONFIG_TARGET_BOARD="ipq807x"' >> .config
          echo 'CONFIG_TARGET_SUBTARGET="generic"' >> .config
          echo 'CONFIG_TARGET_PROFILE="DEVICE_xiaomi_ax3600"' >> .config
          echo 'CONFIG_TARGET_ARCH_PACKAGES="aarch64_cortex-a53"' >> .config
          echo 'CONFIG_DEFAULT_TARGET_OPTIMIZATION="-Os -pipe -mcpu=cortex-a53"' >> .config
          echo 'CONFIG_TARGET_ROOTFS_INITRAMFS=y' >> .config
          echo 'CONFIG_TARGET_INITRAMFS_COMPRESSION_ZSTD=y' >> .config
          echo 'CONFIG_TARGET_ROOTFS_SQUASHFS=y' >> .config
          echo 'CONFIG_TARGET_SQUASHFS_BLOCK_SIZE=256' >> .config
          echo 'CONFIG_TARGET_UBIFS_FREE_SPACE_FIXUP=y' >> .config
          echo 'CONFIG_TARGET_OPTIMIZATION="-Os -pipe -mcpu=cortex-a53"' >> .config
          #firmware
          echo "CONFIG_PACKAGE_nss-firmware-ipq8074=y" >> .config
          echo "CONFIG_PACKAGE_kmod-qca-nss-dp=y" >> .config
          #echo "CONFIG_PACKAGE_kmod-qca-nss-ecm=y\n" >> .config
          #echo "CONFIG_PACKAGE_kmod-qca-nss-drv=y\n" >> .config
          #echo "CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe=y\n" >> .config
          #echo "CONFIG_PACKAGE_kmod-qca-nss-drv-bridge-mgr=y\n" >> .config
          #echo "CONFIG_PACKAGE_kmod-qca-nss-drv-vlan-mgr=y\n" >> .config
          # wpad full
          echo "CONFIG_PACKAGE_curl=y" >> .config
          echo "CONFIG_PACKAGE_wpad-mini=n" >> .config
          echo "CONFIG_PACKAGE_wpad-basic-wolfssl=n" >> .config
          echo "CONFIG_PACKAGE_wpad-wolfssl=y" >> .config
          # services and tools
          #echo "CONFIG_PACKAGE_wireguard=y" >> .config
          echo "CONFIG_PACKAGE_arp-scan=y" >> .config
          echo "CONFIG_PACKAGE_bind-host=y" >> .config
          echo "CONFIG_PACKAGE_ca-certificates=y" >> .config                
          echo "CONFIG_PACKAGE_ca-bundle=y" >> .config
          #echo "CONFIG_PACKAGE_ddns-scripts=y" >> .config
          #echo "CONFIG_PACKAGE_ddns-scripts-cloudflare=y" >> .config
          #echo "CONFIG_PACKAGE_ddns-scripts-services=y" >> .config
          echo "CONFIG_PACKAGE_findutils-xargs=y" >> .config
          echo "CONFIG_PACKAGE_fping=y" >> .config
          echo "CONFIG_PACKAGE_gawk=y" >> .config
          echo "CONFIG_PACKAGE_iputils-arping=y" >> .config
          echo "CONFIG_PACKAGE_irqbalance=y" >> .config
          echo "CONFIG_PACKAGE_iwinfo=y" >> .config
          echo "CONFIG_PACKAGE_less-wide=y" >> .config
          echo "CONFIG_PACKAGE_lldpd=y" >> .config
          echo "CONFIG_PACKAGE_miniupnpd=y" >> .config
          echo "CONFIG_PACKAGE_procd-seccomp=y" >> .config
          echo "CONFIG_PACKAGE_qos-scripts=y" >> .config
          echo "CONFIG_PACKAGE_wget=y" >> .config
          # test
          echo "CONFIG_PACKAGE_qca-ssdk-shell=y" >> .config
          # luci
          echo "CONFIG_PACKAGE_luci=y" >> .config
          echo "CONFIG_PACKAGE_luci-base=y" >> .config
          echo "CONFIG_PACKAGE_luci-compat=y" >> .config
          echo "CONFIG_PACKAGE_luci-theme-bootstrap=y" >> .config
          echo "CONFIG_PACKAGE_luci-app-firewall=y" >> .config
          echo "CONFIG_PACKAGE_luci-app-qos=y" >> .config
          echo "CONFIG_PACKAGE_luci-app-upnp=y" >> .config
          echo "CONFIG_PACKAGE_luci-mod-dashboard=y" >> .config
          #echo "CONFIG_PACKAGE_luci-app-wireguard=y" >> .config
          #echo "CONFIG_PACKAGE_luci-app-ddns=y" >> .config
          echo "CONFIG_PACKAGE_less=n" >> .config
          # test
          echo "CONFIG_PACKAGE_luci-ssl=y" >> .config
          # firewall4
          echo "CONFIG_IPTABLES_NFTABLES=y" >> .config
          echo "CONFIG_PACKAGE_firewall=n" >> .config
          echo "CONFIG_PACKAGE_ip6tables=n" >> .config
          echo "CONFIG_PACKAGE_iptables=n" >> .config
          echo "CONFIG_PACKAGE_kmod-ipt-offload=n" >> .config
          echo "CONFIG_PACKAGE_firewall4=y" >> .config
          echo "CONFIG_PACKAGE_nftables=y" >> .config
          echo "CONFIG_PACKAGE_kmod-nft-offload=y" >> .config
          echo "CONFIG_NETFILTER_NETLINK=m" >> .config
          echo "CONFIG_NETFILTER_NETLINK_HOOK=m" >> .config
5749

No worries, I got sidetracked a bit also. It was my birthday yesterday, and I decided to fly out to Amsterdam for a few days to decompress and meet some friends etc.

I pulled all your 5.15.19 patches last night, excellent work as usual :slight_smile: I forked everything in 2 repos, reapplied my patches and was able to build an image successfully. I saw you pushed more changes today, I just re-synced everything and merged.

You can find the code here:

It's not the best repo structure, I was in a hurry and I'm in a hotel room :). There are a few other additions in the openwrt repo:

  • fullcone NAT - planning to try it out once we get a working build
  • sysupgrade on same partition
  • the kmod-bonding patch needed to build nss-clients
  • the kmod-keys-trusted fix (maybe @Ansuel could fix this in the upstream pull request also)
  • I tried to enable CONFIG_SET_FS=y, which is now removed for ARM by default.

Let me know if I can help further etc., I'll be around till later tonight.

4 Likes
5750

Thanks, will give it a go tommorow so that at least core NSS clocks are working

1 Like
5751

can you link the commit? what was wrong god damn....

pls don't tell me it's this...

  FILES:= \
	  $(LINUX_DIR)/security/keys/trusted.ko@lt5.10 \
	  $(LINUX_DIR)/security/keys/trusted-keys/trusted.ko@ge5.10
  FILES:= $(LINUX_DIR)/security/keys/trusted-keys/trusted.ko
5752

It's this one:

Adding the +(LINUX_5_15):kmod-asn1-encoder module alone didn't fix it, the full fix was also to remove the @ge5.13 from the CONFIG key:

  -KCONFIG:= CONFIG_ASN1_ENCODER@ge5.13
  +KCONFIG:=CONFIG_ASN1_ENCODER

It was very frustrating, I couldn't find the exact cause, but that fixed it.

5753

@Ansuel Can you also pick this:

It's the follow up on the original AQR patch since they added more ID-s

1 Like
5754

Ok, so wired networking has finally been fixed on AX9000 and probably every board except for AX3600 which is most likely due to older U-boot having init networking clocks before booting.

This was the only regression for 5.15 and has been pushed to the repo.

14 Likes
5755

How was that? How do you find it? GGs :clap: :clap:

5756

Check out the AX9000 thread so I dont have to summarize it, its not long.
Lets just say that it was another QCA-ism

5757

I was opening it while I wrote... Really good news! Thanks for your good work.

5758

So it's time to get ipq8074 merged into upstream?

5759

Thats gonna have to wait until there is generic 5.15 support, and that needs to wait until the next release is branched.

5760

Good "brainstorming" you had there guys, @robimarko @Crect y @RobertP . I have to say that I tried to push you into NSS DRV stuff with no one good argument really :joy: . I am learning a lot here in these threads.

5761

Have to tell you…. I haven’t been here long, but it’s amazing (and uncommon) for someone as technically proficient as you to take the time to acknowledge, respond to, and accept thoughts from others at all levels.

It is very easy, if not human nature, to brush things off because “I know, I already looked.”

This AX9000 back and forth in the AX9000 thread is just an example of that.

Honestly: Kudos to you.

5 Likes