I pretty much have done this, although one is just for home automation/IoT devices too.
In hindsight, I should have picked up more way back when. Walmart had a whole endcap of them last year.
1 Like
Looks like Mediaktek commits for 5.15.x have landed in master. I tried a new build with my current config (not a fresh install) and I couldn't get the WAN port to do anything. Everything else worked. Once I'm done with work, I'll set it up the right way with 'firstboot'/etc.
Other than that issue, everything worked.
Update: Clean install is all happy. I can't make it hiccup so far on 5.15. I know A LOT of ARM updates landed between .10 and .15 so it'll be interesting to see if performance is a little better. Seems better supported.
hi everybody if you want upnp work you will do apply this patch @JimmyValentine @segal_72
{% let flowtable_devices = fw4.resolve_offload_devices(); -%}
table inet fw4
flush table inet fw4
{% if (fw4.check_flowtable()): %}
delete flowtable inet fw4 ft
{% endif %}
table inet fw4 {
{% if (length(flowtable_devices) > 0): %}
#
# Flowtable
#
flowtable ft {
hook ingress priority 0;
devices = {{ fw4.set(flowtable_devices, true) }};
{% if (fw4.default_option("flow_offloading_hw")): %}
flags offload;
{% endif %}
}
{% endif %}
#
# Set definitions
#
{% for (let set in fw4.ipsets()): %}
set {{ set.name }} {
type {{ fw4.concat(set.types) }}
{% if (set.maxelem > 0): %}
size {{ set.maxelem }}
{% endif %}
{% if (set.timeout >= 0): %}
timeout {{ set.timeout }}s
{% endif %}
{% if (set.interval): %}
flags interval
auto-merge
{% endif %}
{% fw4.print_setentries(set) %}
}
{% endfor %}
#
# Defines
#
{% for (let zone in fw4.zones()): %}
{% if (length(zone.match_devices)): %}
define {{ zone.name }}_devices = {{ fw4.set(zone.match_devices, true) }}
{% endif %}
{% if (length(zone.match_subnets)): %}
define {{ zone.name }}_subnets = {{ fw4.set(zone.match_subnets, true) }}
{% endif %}
{% endfor %}
#
# User includes
#
include "/etc/nftables.d/*.nft"
#
# Filter rules
#
chain input {
type filter hook input priority filter; policy {{ fw4.input_policy(true) }};
iifname "lo" accept comment "!fw4: Accept traffic from loopback"
ct state established,related accept comment "!fw4: Allow inbound established and related flows"
{% if (fw4.default_option("drop_invalid")): %}
ct state invalid drop comment "!fw4: Drop flows with invalid conntrack state"
{% endif %}
{% if (fw4.default_option("synflood_protect") && fw4.default_option("synflood_rate")): %}
tcp flags & (fin | syn | rst | ack) == syn jump syn_flood comment "!fw4: Rate limit TCP syn packets"
{% endif %}
{% for (let rule in fw4.rules("input")): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
{% for (let zone in fw4.zones()): for (let rule in zone.match_rules): %}
{%+ include("zone-jump.uc", { fw4, zone, rule, direction: "input" }) %}
{% endfor; endfor %}
{% if (fw4.input_policy() == "reject"): %}
jump handle_reject
{% endif %}
}
chain forward {
type filter hook forward priority filter; policy {{ fw4.forward_policy(true) }};
{% if (length(flowtable_devices) > 0): %}
meta l4proto { tcp, udp } flow offload @ft;
{% endif %}
ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
{% if (fw4.default_option("drop_invalid")): %}
ct state invalid drop comment "!fw4: Drop flows with invalid conntrack state"
{% endif %}
{% for (let rule in fw4.rules("forward")): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
{% for (let zone in fw4.zones()): for (let rule in zone.match_rules): %}
{%+ include("zone-jump.uc", { fw4, zone, rule, direction: "forward" }) %}
{% endfor; endfor %}
{% if (fw4.forward_policy() == "reject"): %}
jump handle_reject
{% endif %}
}
chain output {
type filter hook output priority filter; policy {{ fw4.output_policy(true) }};
oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
ct state established,related accept comment "!fw4: Allow outbound established and related flows"
{% if (fw4.default_option("drop_invalid")): %}
ct state invalid drop comment "!fw4: Drop flows with invalid conntrack state"
{% endif %}
{% for (let rule in fw4.rules("output")): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
{% for (let zone in fw4.zones()): for (let rule in zone.match_rules): %}
{%+ include("zone-jump.uc", { fw4, zone, rule, direction: "output" }) %}
{% endfor; endfor %}
{% if (fw4.output_policy() == "reject"): %}
jump handle_reject
{% endif %}
}
chain handle_reject {
meta l4proto tcp reject with {{
(fw4.default_option("tcp_reject_code") != "tcp-reset")
? "icmpx type " + fw4.default_option("tcp_reject_code")
: "tcp reset"
}} comment "!fw4: Reject TCP traffic"
reject with {{
(fw4.default_option("any_reject_code") != "tcp-reset")
? "icmpx type " + fw4.default_option("any_reject_code")
: "tcp reset"
}} comment "!fw4: Reject any other traffic"
}
{% if (fw4.default_option("synflood_protect") && fw4.default_option("synflood_rate")):
let r = fw4.default_option("synflood_rate");
let b = fw4.default_option("synflood_burst");
%}
chain syn_flood {
limit rate {{ r.rate }}/{{ r.unit }}
{%- if (b): %} burst {{ b }} packets{% endif %} return comment "!fw4: Accept SYN packets below rate-limit"
drop comment "!fw4: Drop excess packets"
}
{% endif %}
{% for (let zone in fw4.zones()): %}
chain input_{{ zone.name }} {
{% for (let rule in fw4.rules("input_"+zone.name)): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
ct status dnat accept comment "!fw4: Accept port redirections"
jump {{ zone.input }}_from_{{ zone.name }}
}
chain output_{{ zone.name }} {
{% for (let rule in fw4.rules("output_"+zone.name)): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
jump {{ zone.output }}_to_{{ zone.name }}
}
chain forward_{{ zone.name }} {
{% for (let rule in fw4.rules("forward_"+zone.name)): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
ct status dnat accept comment "!fw4: Accept port forwards"
jump {{ zone.forward }}_to_{{ zone.name }}
}
{% for (let verdict in ["accept", "reject", "drop"]): %}
{% if (zone.sflags[verdict]): %}
chain {{ verdict }}_from_{{ zone.name }} {
{% for (let rule in zone.match_rules): %}
{%+ include("zone-verdict.uc", { fw4, zone, rule, egress: false, verdict }) %}
{% endfor %}
}
{% endif %}
{% if (zone.dflags[verdict]): %}
chain {{ verdict }}_to_{{ zone.name }} {
{% for (let rule in zone.match_rules): %}
{%+ include("zone-verdict.uc", { fw4, zone, rule, egress: true, verdict }) %}
{% endfor %}
}
{% endif %}
{% endfor %}
{% endfor %}
#
# NAT rules
#
chain dstnat {
type nat hook prerouting priority dstnat; policy accept;
{% for (let zone in fw4.zones()): %}
{% if (zone.dflags.dnat): %}
{% for (let rule in zone.match_rules): %}
{%+ include("zone-jump.uc", { fw4, zone, rule, direction: "dstnat" }) %}
{% endfor %}
{% endif %}
{% endfor %}
}
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
{% for (let redirect in fw4.redirects("srcnat")): %}
{%+ include("redirect.uc", { fw4, redirect }) %}
{% endfor %}
{% for (let zone in fw4.zones()): %}
{% if (zone.dflags.snat): %}
{% for (let rule in zone.match_rules): %}
{%+ include("zone-jump.uc", { fw4, zone, rule, direction: "srcnat" }) %}
{% endfor %}
{% endif %}
{% endfor %}
}
{% for (let zone in fw4.zones()): %}
{% if (zone.dflags.dnat): %}
chain dstnat_{{ zone.name }} {
{% for (let redirect in fw4.redirects("dstnat_"+zone.name)): %}
{%+ include("redirect.uc", { fw4, redirect }) %}
{% endfor %}
}
{% endif %}
{% if (zone.dflags.snat): %}
chain srcnat_{{ zone.name }} {
{% for (let redirect in fw4.redirects("srcnat_"+zone.name)): %}
{%+ include("redirect.uc", { fw4, redirect }) %}
{% endfor %}
{% if (zone.masq): %}
{% for (let saddrs in zone.masq4_src_subnets): %}
{% for (let daddrs in zone.masq4_dest_subnets): %}
{%+ include("zone-masq.uc", { fw4, zone, family: 4, saddrs, daddrs }) %}
{% endfor %}
{% endfor %}
{% endif %}
{% if (zone.masq6): %}
{% for (let saddrs in zone.masq6_src_subnets): %}
{% for (let daddrs in zone.masq6_dest_subnets): %}
{%+ include("zone-masq.uc", { fw4, zone, family: 6, saddrs, daddrs }) %}
{% endfor %}
{% endfor %}
{% endif %}
}
{% endif %}
{% endfor %}
#
# Raw rules (notrack & helper)
#
chain raw_prerouting {
type filter hook prerouting priority raw; policy accept;
{% for (let target in ["helper", "notrack"]): %}
{% for (let zone in fw4.zones()): %}
{% if (zone.dflags[target]): %}
{% for (let rule in zone.match_rules): %}
{% let devices_pos = fw4.filter_loopback_devs(rule.devices_pos, false); %}
{% let subnets_pos = fw4.filter_loopback_addrs(rule.subnets_pos, false); %}
{% if (rule.devices_neg || rule.subnets_neg || devices_pos || subnets_pos): %}
{%+ if (rule.family): -%}
meta nfproto {{ fw4.nfproto(rule.family) }} {%+ endif -%}
{%+ include("zone-match.uc", { fw4, egress: false, rule: { ...rule, devices_pos, subnets_pos } }) -%}
jump {{ target }}_{{ zone.name }} comment "!fw4: {{ zone.name }} {{ fw4.nfproto(rule.family, true) }} {{
(target == "helper") ? "CT helper assignment" : "CT bypass"
}}"
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endfor %}
}
chain raw_output {
type filter hook output priority raw; policy accept;
{% for (let target in ["helper", "notrack"]): %}
{% for (let zone in fw4.zones()): %}
{% if (zone.dflags[target]): %}
{% for (let rule in zone.match_rules): %}
{% let devices_pos = fw4.filter_loopback_devs(rule.devices_pos, true); %}
{% let subnets_pos = fw4.filter_loopback_addrs(rule.subnets_pos, true); %}
{% if (devices_pos || subnets_pos): %}
{%+ if (rule.family): -%}
meta nfproto {{ fw4.nfproto(rule.family) }} {%+ endif -%}
{%+ include("zone-match.uc", { fw4, egress: false, rule: { ...rule, devices_pos, subnets_pos } }) -%}
jump {{ target }}_{{ zone.name }} comment "!fw4: {{ zone.name }} {{ fw4.nfproto(rule.family, true) }} {{
(target == "helper") ? "CT helper assignment" : "CT bypass"
}}"
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endfor %}
}
{% for (let helper in fw4.helpers()): %}
{% if (helper.available): %}
{% for (let proto in helper.proto): %}
ct helper {{ helper.name }} {
type {{ fw4.quote(helper.name, true) }} protocol {{ proto.name }};
}
{% endfor %}
{% endif %}
{% endfor %}
{% for (let target in ["helper", "notrack"]): %}
{% for (let zone in fw4.zones()): %}
{% if (zone.dflags[target]): %}
chain {{ target }}_{{ zone.name }} {
{% for (let rule in fw4.rules(target+"_"+zone.name)): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
}
{% endif %}
{% endfor %}
{% endfor %}
#
# Mangle rules
#
chain mangle_prerouting {
type filter hook prerouting priority mangle; policy accept;
{% for (let rule in fw4.rules("mangle_prerouting")): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
}
chain mangle_postrouting {
type filter hook postrouting priority mangle; policy accept;
{% for (let rule in fw4.rules("mangle_postrouting")): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
}
chain mangle_input {
type filter hook input priority mangle; policy accept;
{% for (let rule in fw4.rules("mangle_input")): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
}
chain mangle_output {
type filter hook output priority mangle; policy accept;
{% for (let rule in fw4.rules("mangle_output")): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
}
chain mangle_forward {
type filter hook forward priority mangle; policy accept;
{% for (let rule in fw4.rules("mangle_forward")): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
{% for (let zone in fw4.zones()): %}
{% if (zone.mtu_fix): %}
{% for (let rule in zone.match_rules): %}
{%+ include("zone-mssfix.uc", { fw4, zone, rule, egress: false }) %}
{%+ include("zone-mssfix.uc", { fw4, zone, rule, egress: true }) %}
{% endfor %}
{% endif %}
{% endfor %}
}
}
2 Likes
Hi Guys. I keep getting the following error when upgrading to RC1 via AUC
Signature check passed.
/home/debian/metrics/worker1/cache/22.03.0-rc1/mediatek/mt7622/build_dir/target-aarch64_cortex-a53_musl/root-mediatek/etc/init.d/usteer: line 10: /lib/functions/network.sh: No such file or directory
/home/debian/metrics/worker1/cache/22.03.0-rc1/mediatek/mt7622/build_dir/target-aarch64_cortex-a53_musl/root-mediatek/etc/init.d/usteer: line 11: /usr/share/libubox/jshn.sh: No such file or directory
/home/debian/metrics/worker1/cache/22.03.0-rc1/mediatek/mt7622/build_dir/target-aarch64_cortex-a53_musl/root-mediatek/etc/init.d/usteer: line 12: /lib/functions.sh: No such file or directory
./etc/init.d/usteer: line 10: /lib/functions/network.sh: No such file or directory
./etc/init.d/usteer: line 11: /usr/share/libubox/jshn.sh: No such file or directory./etc/init.d/usteer: line 12: /lib/functions.sh: No such file or directory
Pseudo file "/dev" exists in source filesystem "/home/debian/metrics/worker1/cache/22.03.0-rc1/mediatek/mt7622/build_dir/target-aarch64_cortex-a53_musl/root-mediatek/dev".
Ignoring, exclude it (-e/-ef) to override.
9910+1 records in
9910+1 records out
5074275 bytes (5.1 MB, 4.8 MiB) copied, 0.131019 s, 38.7 MB/s
1781+1 records in
1782+0 records out
7299072 bytes (7.3 MB, 7.0 MiB) copied, 0.0725606 s, 101 MB/s
/home/debian/metrics/worker1/cache/22.03.0-rc1/mediatek/mt7622/build_dir/target-aarch64_cortex-a53_musl/linux-mediatek_mt7622/tmp/openwrt-22.03.0-rc1-3bb64b2dd339-mediatek-mt7622-linksys_e8450-ubi-squashfs-sysupgrade.itb.its:17.11-19.6: Warning (unit_address_vs_reg): /images/kernel-1/hash@1: node has a unit name, but no reg or ranges property
/home/debian/metrics/worker1/cache/22.03.0-rc1/mediatek/mt7622/build_dir/target-aarch64_cortex-a53_musl/linux-mediatek_mt7622/tmp/openwrt-22.03.0-rc1-3bb64b2dd339-mediatek-mt7622-linksys_e8450-ubi-squashfs-sysupgrade.itb.its:20.11-22.6: Warning (unit_address_vs_reg): /images/kernel-1/hash@2: node has a unit name, but no reg or ranges property
/home/debian/metrics/worker1/cache/22.03.0-rc1/mediatek/mt7622/build_dir/target-aarch64_cortex-a53_musl/linux-mediatek_mt7622/tmp/openwrt-22.03.0-rc1-3bb64b2dd339-mediatek-mt7622-linksys_e8450-ubi-squashfs-sysupgrade.itb.its:34.11-36.6: Warning (unit_address_vs_reg): /images/fdt-1/hash@1: node has a unit name, but no reg or ranges property
/home/debian/metrics/worker1/cache/22.03.0-rc1/mediatek/mt7622/build_dir/target-aarch64_cortex-a53_musl/linux-mediatek_mt7622/tmp/openwrt-22.03.0-rc1-3bb64b2dd339-mediatek-mt7622-linksys_e8450-ubi-squashfs-sysupgrade.itb.its:37.11-39.6: Warning (unit_address_vs_reg): /images/fdt-1/hash@2: node has a unit name, but no reg or ranges property
/home/debian/metrics/worker1/cache/22.03.0-rc1/mediatek/mt7622/build_dir/target-aarch64_cortex-a53_musl/linux-mediatek_mt7622/tmp/openwrt-22.03.0-rc1-3bb64b2dd339-mediatek-mt7622-linksys_e8450-ubi-squashfs-sysupgrade.itb.its:51.11-53.6: Warning (unit_address_vs_reg): /images/rootfs-1/hash@1: node has a unit name, but no reg or ranges property
/home/debian/metrics/worker1/cache/22.03.0-rc1/mediatek/mt7622/build_dir/target-aarch64_cortex-a53_musl/linux-mediatek_mt7622/tmp/openwrt-22.03.0-rc1-3bb64b2dd339-mediatek-mt7622-linksys_e8450-ubi-squashfs-sysupgrade.itb.its:54.11-56.6: Warning (unit_address_vs_reg): /images/rootfs-1/hash@2: node has a unit name, but no reg or ranges property
done
Invalid argument (22)
Things mostly work well on this device for me running master snapshots, but it seems like enabling software flow offload frequently wreaks havoc on the wired network (either LAN and/or WAN ports). Created https://github.com/openwrt/openwrt/issues/9717 .
My brand new RT3200 needs some expert assistance.
I am new to OpenWrt so I am sorry in advance for my inexperience...
I followed dangowrt's guide on GitHub and successfully flashed the prebuilt recovery-installer and then the sysupgrade. So far so good. I followed the post-install tips and entered the CPU freq and scheduling parameters.
After reboot (but without entering recovery mode) I tried flashing newest UBI snapshot sysupgrade.
And it was just stuck forever. I gave up after maybe 15 min. Now i can't boot the device normally and can only access LuCI if I hold the reset button on powerup. It looks like this:
I tried holding down reset button for 10 seconds but nothing changes.
It obviously failed to flash the latest snapshot.
Not sure what to do now or if there is something I can do to restore it and update properly.
I don't have serial access equipment so hoping there is a fix for my brand new RT3200...
2 Likes
Thank you Daniel. The flash went fine and I can now boot the device normally!
I understand this is not the latest snapshot but hopefully I am not missing out on security fixes.
Maybe I will try a newer snapshot soon again 
1 Like
You should be fine to flash a newer snapshot now.
hi welcome ! you are french ? i can help if you want 
just noticed something on my MT7622 device, when it is not doing anything, in idle mode, the cpu frequency is still @1.35Ghz isn't it supposed to go at the lowest speed ? 300Mhz here.
root@box:~# cat /sys/devices/system/cpu/cpu*/cpufreq/cpuinfo_cur_freq
1350000
1350000
root@box:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_available_frequencies
300000 437500 600000 812500 1025000 1137500 1262500 1350000
300000 437500 600000 812500 1025000 1137500 1262500 1350000
is it the same for you ??
Have you set another cpu governor than default like the wiki about this devices have as a tip?
i didn't change anything about the cpu. i give a look to the wiki, i was not aware about this.
well so basicaly, i have to add these 2 lines in /etc/rc.local
echo 437500 > /sys/devices/system/cpu/cpufreq/policy0/scaling_min_freq
echo schedutil > /sys/devices/system/cpu/cpufreq/policy0/scaling_governor
is this correct ?
Edit:
thanks Anteus i just made some test, and it works well now.
3 Likes
The /etc/rc.local solution works but you can also consider merging https://github.com/openwrt/openwrt/pull/5025
Not sure why it is taking so long to get that merged.
i'm not using a belkin/linksys device, but a totolink a8000ru...i hope this "patch" will be added to the MT7622 base-files as mentionned here
btw, i compared the temp before (when the governor was set to performance) and now with "ondemand", the difference is hardly 1°c (48° vs 49°)
The frequency is reduced, but the voltage ??
i used this command:
cat /sys/class/thermal/thermal_zone0/temp
2 Likes
Install luci-app-attendedsysupgrade. It makes updating a lot easier.
I also have the Totolink A8000RU and been running schedutil for months without changing the min scaling frequency and haven’t noticed any problems or it hanging on reboot.
Is it something that only affects the RT3200/E8450 models?
Doesn't happen on schedutil I've also been running only that for a few weeks now
schedutil set the frequency at 1Ghz, it's not a big difference compared to performance @ 1.35Ghz
ondemand set the frequency to scaling_min_freq which is 437Mhz in my case.
i tried to reboot 10 times, without any issue, so i think i'll stay with ondemand