Merge "buildroot: Fix missing parameter when setting laser channel"
diff --git a/fs/skeleton/etc/init.d/firewall b/fs/skeleton/etc/init.d/firewall
index 6bceaad..8261889 100755
--- a/fs/skeleton/etc/init.d/firewall
+++ b/fs/skeleton/etc/init.d/firewall
@@ -144,15 +144,6 @@
fi
ip46tables -P FORWARD DROP
- # multicast (fiber TV, EAS)
- ip46tables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
- ip46tables -A FORWARD -m pkttype --pkt-type multicast -j ACCEPT
- iptables -t nat -A PREROUTING -m pkttype --pkt-type multicast -j ACCEPT
-
- # Forwarding
- ip46tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
- ip46tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-
# captive-portal-filter and captive-portal-input contain rules that should
# always be applied to the br1 (captive portal) interface, regardless of
# what services we're trying to provide with it.
@@ -164,6 +155,8 @@
ip46tables -N acs-captive-portal-filter
ip46tables -N acsrules-filter-forward
ip46tables -N MINIUPNPD
+ ip46tables -N wan-input
+ ip46tables -N wan-forward
ip46tables -N log
ip46tables -t nat -N captive-portal-guests-nat
@@ -172,12 +165,19 @@
iptables -t nat -N acsrules-nat-postrouting
ip46tables -t nat -N sniproxy-nat
iptables -t nat -N MINIUPNPD
+ ip46tables -t nat -N wan-nat
- ip46tables -A FORWARD -i br0 -j ACCEPT
- ip46tables -A FORWARD -i br1 -j captive-portal-guests
- ip46tables -A FORWARD -i br1 -j captive-portal-filter
+ for ifc in "wan0+" "frob+"; do
+ ip46tables -A INPUT -i "$ifc" -j wan-input
+ ip46tables -A FORWARD -i "$ifc" -j wan-forward
+ ip46tables -t nat -A PREROUTING -i "$ifc" -j wan-nat
- # I wanted to use '!wan0' here but, it doesn't work as documented.
+ ip46tables -A FORWARD -i br0 -o "$ifc" -j ACCEPT
+ done
+
+ ip46tables -A FORWARD -i br1 -o wan0+ -j captive-portal-guests
+ ip46tables -A FORWARD -i br1 -o wan0+ -j captive-portal-filter
+
for ifc in lo br0; do
ip46tables -A INPUT -i "$ifc" -j ACCEPT
done
@@ -186,8 +186,17 @@
ip46tables -A INPUT -i br1 -j acs-captive-portal-input
ip46tables -A INPUT -i br1 -j sniproxy-input
+ # multicast (fiber TV, EAS)
+ ip46tables -A wan-input -m pkttype --pkt-type multicast -j ACCEPT
+ ip46tables -A wan-forward -m pkttype --pkt-type multicast -j ACCEPT
+ ip46tables -t nat -A wan-nat -m pkttype --pkt-type multicast -j ACCEPT
+
+ # Forwarding
+ ip46tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ ip46tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
# igmp group membership control
- ip46tables -A INPUT -p igmp -j ACCEPT
+ ip46tables -A wan-input -p igmp -j ACCEPT
# ping and PMTUD
iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT
@@ -195,14 +204,14 @@
iptables -A INPUT -p icmp --icmp-type 11/0 -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
# RFC4890 says RFC4380 requires forwarding ipv6 ping requests
- ip6tables -A FORWARD -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+ ip6tables -A wan-forward -p icmpv6 --icmpv6-type echo-request -j ACCEPT
# Incoming connections
# TODO(apenwarr): Whitelist ports here too for added safety.
if [ -e /tmp/NFS ]; then
# Workaround because netfilter conntracking loaded *after* the NFS
# session was established.
- ip46tables -A INPUT -p tcp --sport 2049 -j ACCEPT
+ ip46tables -A wan-input -p tcp --sport 2049 -j ACCEPT
fi
# Outgoing connections
@@ -211,40 +220,40 @@
# TODO(apenwarr): Remove this when we have real port forwarding controls.
if [ -e /tmp/DEBUG ]; then
- ip46tables -A INPUT -p tcp --dport 22 -j ACCEPT # ssh
- ip46tables -A FORWARD -p tcp --dport 22 -j ACCEPT # ssh for lan clients
- ip46tables -A INPUT -p tcp --dport 5001 -j ACCEPT # iperf
- ip46tables -A INPUT -p udp --dport 5001 -j ACCEPT # iperf
- ip46tables -A INPUT -p udp --dport 4948 -j ACCEPT # isoping
+ ip46tables -A wan-input -p tcp --dport 22 -j ACCEPT # ssh
+ ip46tables -A wan-forward -p tcp --dport 22 -j ACCEPT # ssh for lan clients
+ ip46tables -A wan-input -p tcp --dport 5001 -j ACCEPT # iperf
+ ip46tables -A wan-input -p udp --dport 5001 -j ACCEPT # iperf
+ ip46tables -A wan-input -p udp --dport 4948 -j ACCEPT # isoping
fi
# Open incoming ports for McDoleCast
if experiment McDoleCast; then
- ip46tables -A INPUT -p tcp --dport 31098 -j ACCEPT # sagesrv
- ip46tables -A INPUT -p tcp --dport 32825 -j ACCEPT # marjoram
+ ip46tables -A wan-input -p tcp --dport 31098 -j ACCEPT # sagesrv
+ ip46tables -A wan-input -p tcp --dport 32825 -j ACCEPT # marjoram
fi
# cwmpd ACS kick
- ip46tables -A INPUT -p tcp --dport 7547 -j ACCEPT # cwmpd
- ip6tables -A FORWARD -p tcp --dport 7547 -j ACCEPT # cwmpd
- iptables -t nat -A PREROUTING -p tcp --dport 7547 -j ACCEPT # cwmpd
+ ip46tables -A wan-input -p tcp --dport 7547 -j ACCEPT # cwmpd
+ ip6tables -A wan-forward -p tcp --dport 7547 -j ACCEPT # cwmpd
+ ip46tables -t nat -A wan-nat -p tcp --dport 7547 -j ACCEPT # cwmpd
if [ -e /tmp/factory_status ]; then
- ip46tables -A INPUT -p tcp --dport 8883 -j ACCEPT # factory web server
+ ip46tables -A wan-input -p tcp --dport 8883 -j ACCEPT # factory web server
fi
# active FTP out
ip46tables -A FORWARD -m conntrack --ctstate RELATED \
-m helper --helper ftp -o wan0+ -p tcp --dport 1024: -j ACCEPT
- ip46tables -A FORWARD -m conntrack --ctstate RELATED \
- -m helper --helper ftp -i wan0+ -p tcp --dport 1024: -j ACCEPT
+ ip46tables -A wan-forward -m conntrack --ctstate RELATED \
+ -m helper --helper ftp -p tcp --dport 1024: -j ACCEPT
# add ACS-configured things
ip46tables -A FORWARD -i br1 -j acs-captive-portal-filter
- ip46tables -A FORWARD -j acsrules-filter-forward
+ ip46tables -A FORWARD -i wan0+ -j acsrules-filter-forward
ip46tables -t nat -A PREROUTING -i br1 -j captive-portal-guests-nat
ip46tables -t nat -A PREROUTING -i br1 -j acs-captive-portal-nat
- iptables -t nat -A PREROUTING -j acsrules-nat-prerouting
- iptables -t nat -A POSTROUTING -j acsrules-nat-postrouting
+ iptables -t nat -A PREROUTING -i wan0+ -j acsrules-nat-prerouting
+ iptables -t nat -A POSTROUTING -o wan0+ -j acsrules-nat-postrouting
# these are managed by sniproxy, if running
ip46tables -t nat -A PREROUTING -j sniproxy-nat -i br1
@@ -254,7 +263,7 @@
iptables -t nat -A PREROUTING -i wan0+ -j MINIUPNPD
# nat
- iptables -t nat -A POSTROUTING -o wan0+ -j MASQUERADE
+ ip46tables -t nat -A POSTROUTING -o wan0+ -j MASQUERADE
# ipv6 addressing
ip6tables -A INPUT -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
diff --git a/fs/skeleton/usr/bin/reset-ghn.platform_gfiberlt b/fs/skeleton/usr/bin/reset-ghn.platform_gfiberlt
new file mode 100755
index 0000000..9f5bdf0
--- /dev/null
+++ b/fs/skeleton/usr/bin/reset-ghn.platform_gfiberlt
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+. /etc/utils.sh
+
+usage() {
+ echo "Usage:"
+ echo
+ echo " $0"
+ echo
+ echo " Uses gpio0 (GHN_RESET_N_L) to reset G.hn chip. No arguments."
+ echo
+ exit 99
+}
+
+platform=$(cat /etc/platform)
+if ! startswith "$platform" "GFLT4"; then
+ # Only GFLT400 has G.hn chip (Marvell's 88x5153)
+ exit 0
+fi
+
+if [ "$#" -ne "0" ]; then
+ usage
+fi
+
+echo 0 > /sys/class/gpio/gpio0/value
+echo 1 > /sys/class/gpio/gpio0/value
diff --git a/package/google/google_miniclient/S11mpserver b/package/google/google_miniclient/S11mpserver
index 0b304e1..9c9f9f3 100755
--- a/package/google/google_miniclient/S11mpserver
+++ b/package/google/google_miniclient/S11mpserver
@@ -10,6 +10,7 @@
# mcnmp_server playback code needs widevine and pullreader .so
export LD_LIBRARY_PATH=/app/client
export SAGEBIN_PATH=/usr/lib/sage_firmware
+ export DRM_BIN_FILE=/user/widevine/drm.bin
rm -f /tmp/nexus_multiprocess
babysit 10 mcnmp_server 2>&1 | logos mcnmp_server 0 20000000 &
wait-until-created /tmp/nexus_multiprocess
diff --git a/package/google/google_miniclient/runminiclient b/package/google/google_miniclient/runminiclient
index a5e65bc..4dde33f 100755
--- a/package/google/google_miniclient/runminiclient
+++ b/package/google/google_miniclient/runminiclient
@@ -33,6 +33,7 @@
}
export LD_LIBRARY_PATH=/app/client:/usr/local/lib:$LD_LIBRARY_PATH
+export DRM_BIN_FILE=/user/widevine/drm.bin
export SERIALNUMBER=$(cat /etc/serial)
ulimit -c 49152
diff --git a/package/simpleramfs/simpleramfs.mk b/package/simpleramfs/simpleramfs.mk
index 154b965..3049a1e 100644
--- a/package/simpleramfs/simpleramfs.mk
+++ b/package/simpleramfs/simpleramfs.mk
@@ -104,7 +104,6 @@
$(@D)/fs/bin/
# driver firmware and modules
- ln -f fs/skeleton/sbin/hotplug $(@D)/fs/sbin/
ln -f fs/skeleton/etc/utils.sh $(@D)/fs/etc/
if [ "$(BR2_PACKAGE_MINDSPEED_DRIVERS)" = "y" ]; then \
mkdir -p $(@D)/fs/lib/modules $(@D)/fs/lib/firmware && \
