Specification:
* SoC: MediaTek MT7621ST (1C/2T)
* RAM: 256 MB DDR3
* Flash: 128 MB NAND S34ML01G200TFI00
* Ethernet: 5x 10/100/1000 Mbps
* WIFI: 5 GHz MT7612EN nac
* WIFI: 2.4 GHz MT7602EN bgn
* USB: 1x 2.0, 1x 3.0
* BTN: Power, Reset, WPS, FN1, FN2
* LEDS: Power(Green),Fn(Green),Wan(Green),WiFi2(Green),WiFi5(Green),
USB1(Green),USB2(Green)
* UART: present as five pads without through-holes on the PCB.
Pads are located above 2.4G LED and under board logotype
(GND/empty/RX/TX/Vcc).
UART uses 3.3V and settings: 57600-8-N-1
MAC addresses as verified by stock firmware:
| Interface | MAC | Factory | Format |
|-------------+-------------------+---------+--------|
| WiFi (2.4g) | xx:xx:xx:xx:xx:20 | 0x4 | binary |
| LAN | xx:xx:xx:xx:xx:20 | 0x4 | binary |
| WAN (label) | xx:xx:xx:xx:xx:21 | 0x28 | binary |
| WiFi (5g) | xx:xx:xx:xx:xx:22 | 0x8004 | binary |
Installation via U-Boot:
* Download the latest OpenWrt firmware factory-image and rename it to
kgiga3_recovery.bin
* Set up a Tftp server on a PC (e.g. Tftpd32) and place the firmware
image to the root directory of the server.
* Power off the router and use a twisted pair cable to connect the PC
to any of the router's LAN ports.
* Configure the network adapter of the PC to use IP address 192.168.1.2
and subnet mask 255.255.255.0.
* Power up the router while holding the reset button pressed.
* Wait approximately for 5 seconds and then release the reset button.
* The router should download the firmware via TFTP and complete flashing
in a few minutes.
* Connect with SSH to 192.168.1.1 and set a root password or browse to
http://192.168.1.1 if LuCI is installed.
Installation via Keenetic-OS GUI:
* Set the IP address 192.168.1.1 for the connected device (in the
KeeneticOS settings and in the network connection properties).
* Open the page "http://192.168.1.1/a" in the browser, enter the
command "more proc:/dual_image/boot_active" (without quotes) in
the "Command" field and click the "Send request" button.
* A response will appear in the browser, from which you need to select
only the value of the "message" parameter.
* If the value of the "message" parameter is not equal to 2, then you
need to force flash any official firmware (Keenetic-OS) and go to
the first step of the instruction.
* To install OpenWRT, go to the "General Settings" page and in the
"System Files" section, click on "firmware".
* Then click the "Replace File" button.
* In the window that appears, specify the location of the file
"openwrt-ramips-mt7621-zyxel_keenetic-giga-iii-squashfs-factory.bin".
* The installation of OpenWRT on the device will begin and complete
flashing in a few minutes.
* Browse to http://192.168.1.1 and set root password.
Revert to the stock firmware via OpenWrt GUI:
* Upload the stock image using "Flash Firmware" interface.
* Select "Force update" and continuing upgrade.
Signed-off-by: Oleg S <remittor@gmail.com>
Use ipcalc's return value to react to invalid range specifications.
By simply ignoring the range instead of aborting with an error code,
dnsmasq should still start when there's an error (best effort).
Aborting the config generation or working with invalid range specs leaves
dnsmasq crash-looping which is the right thing to do concerning that
particular interface but it also hinders DHCP service on other interfaces
and DNS on the router itself.
Signed-off-by: Leon M. George <leon@georgemail.eu>
Dnsmasq DNS cache size is only 150 by default.
Set the uci default value to 1000, so that cache gets used more
and unnecessary DNS queries to upstream can be avoided.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Most relevant feature for openwrt in this release, supports dynamically
removing hosts from 'hostsdir' supplied host files.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Add new UCI list 'addn_mount' allowing the expose additional filesystem
paths to the jailed dnsmasq process. This is useful e.g. in case of
manually configured includes to the configuration file or symlinks
pointing outside of the exposed paths as used by e.g. the safe-search
package in the packages feed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
addresses from DNS answers. these options is supported since version 2.87.
Co-authored-by: NueXini <nuexini@alumni.tongji.edu.cn>
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Add build option for nftables sets. By default disable iptables ipset
support. By default enable nftable nftset support since this is what
fw4 uses.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
dnsmasq: nftset: serve from ipset config
Use existing ipset configs as source for nftsets to be compatible with
existing configs. As the OS can either have iptables XOR nftables
support, it's fine to provide both to dnsmasq. dnsmasq will silently
fail for the present one. Depending on the dnsmasq compile time options,
the ipsets or nftsets option will not be added to the dnsmasq config
file.
dnsmasq will try to add the IP addresses to all sets, regardless of the
IP version defined for the set. Adding an IPv6 to an IPv4 set and vice
versa will silently fail.
Signed-off-by: Mathias Kresin <dev@kresin.me>
dnsmasq: support populating nftsets in addition to ipsets
Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in
the system. Keep the same configuration syntax in /etc/config/dhcp, for
compatibility purposes.
Huge thanks to Jo-Philipp Wich for basically writing the function.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
dnsmasq: obtain nftset ip family from nft
Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address
family to an nft set is made.
Heuristic to guess which ip family a nft set might belong by inferring
from the set name.
In order of preference:
If setname ends with standalone '4' or '6' use that, else
if setname has '4' or '6' delimited by '-' or '_' use that (eg
foo-4-bar) else
If setname begins with '4' or '6' standalone use that.
By standalone I mean not as part of a larger number eg. 24
If the above fails then use the existing nft set query mechanism and if
that fails, well you're stuffed!
With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp
knowledge.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
dnsmasq: specify firewall table for nftset
Permit ipsets to specify an nftables table for the set. New config
parameter is 'table'. If not specified the default of 'fw4' is used.
config ipset
list name 'BK_4,BK_6'
option table 'dscpclassify'
option table_family 'ip'
option family '4'
list domain 'ms-acdc.office.com'
list domain 'windowsupdate.com'
list domain 'update.microsoft.com'
list domain 'graph.microsoft.com'
list domain '1drv.ms'
list domain '1drv.com'
The table family can also be specified, usually 'ip' or 'ip6' else the
default 'inet' capable of both ipv4 & ipv6 is used.
If the table family is not specified then finally a family option is
available to specify either '4' or '6' for ipv4 or ipv6 respectively.
This is all in addition to the existing heuristic that will look in the
nftset name for an ip family clue, or in total desperation, query the
value from the nftset itself.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
When running sysupgrade from an existing configuration, move existing
ipset definitions to a dedicated config section. Later on, it will allow
to serve ipset as well as nftable sets from the same configuration.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Use new ubus-based hotplug call in dhcp-script.sh
As sysntpd now makes use of the new ubus-based hotplug calls, dnsmasq
no longer needs to ship ACL to cover ntpd-hotplug.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add option to compile kmod-inet-diag, support for INET (TCP, DCCP, etc)
socket monitoring interface used by native Linux tools such as ss.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Some devices need this to configure the LED configuration. This
way, the correct value for board specific LED configuration can
be determined.
Signed-off-by: AmadeusGhost <amadeus@jmu.edu.cn>
The original patch over rode the nf_conntrack_un/register_notifier API, which will
break other modules relying on the API. Reworked the notification APIs to play nice
with others. Also avoid to touch the code of fullcone nat.
Co-Authored-By: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com>
Co-Authored-By: quarkysg <35649562+quarkysg@users.noreply.github.com>
