Information about this project

[boxer4]

Curious if this project is still being looked at? I am wondering if I should look into using my XTM-21W.

Not sure if this is useful information but I pulled the Atheros wifi card from it and found that it seems to work with the ath9k Linux driver in 4.4.163, which may make porting easier.

[greguu]

I have not abandoned this project, but have very limited time at the moment. Next on the list is to get the RTL8366SR switch going so the Ethernet port and WAN port will work. WiFi is not an issue. There has been some progress in regards to Linux support for RTL8366RB chip sets and I need to test if this code actually works on the Watchguard. Once the switch is working the remaining stuff should not be too hard to implement (WiFi, LED and flashing OpenWrt to NAND), but a proper implementation maybe still away a bit.

[boxer4]

Thank you for replying. At this point I was just wondering if I should scavenge the unit for parts and dispose of the unit or not. Seems the architecture of this unit may be one-off and may not be applicable to other devices and not too interesting to keep around? Or do you expect it perhaps one day be accepted for merging with the mainline kernel?

[greguu]

I think the unit is quite nice specs wise (even today) and I would not dispose it. The only parts you could scavenge are the WiFi card and the Antennas. I am not sure this specific port will go mainline, but I am confident I can get a functional OpenWrt going sometime this year and maybe OpenWrt will keep the port in their branch if I and others are willing to look after it. As mentioned I am just very busy with other things at the moment and there have not been any other requests about this device. However, you can pick them up on ebay now quite cheap as the official EOL was two years ago so it may get some traction on OpenWrt once a port is complete. Its a nice unit with a somewhat popular ARM SoC (Intel Xscale based) that will remain in the kernel for some years to come.

[ismailkisla]

Hi . I bought an xt22 from the flea market. I'm thinking of buying open-wrt but. I was unable to create the image.i use ubuntu 20.04.

i am getting this error:FATAL ERROR: Unable to parse input tree

[greguu]

the last fork of OpenWrt for the XTM 22 is in this repo

[ismailkisla]

hi the building finish . but created files name openwrt-snapshot-r18823-a48f53e9e0-ixp4xx-watchguard-rootfs.tar.gz no watchguard zimage

[greguu]

the zImage is in the openwrt build folder somewhere, its not in the same folder as the rootfs. Once the build finished, you still need to append the watchguard device tree dtb file to the zImage (using cat) as well before you can boot the zImage.

[boxer4]

I may need to try this for the first time. Seems the serial port connector supplies 3v3 which unfortunately I don't have any 3v3 rs232 transceivers for this at this time, so it may be a while before first boot occurs, not to mention not having a bona-fide wall wart for it!

[greguu]

@boxer4 I can look up the make / model of the serial adapter I used. I got some really cheap USB TTL adapters as well, but never tried them on this board. I got the one in the picture as I intended to present the serial port through the housing at some stage, for ease of access. You need a 12v 2a, pretty standard power supply.

[zastrixarundell]

Hey there! I also bought one from the flea market today and I tried to build my own image for OpenWRT with this but failed as this is my first time doing this so I'm probably doing something wrong.

Thankfully the router has an rj45 console connection and I'm using some random USB->Serial and a hand-made DB9 to rt45 adapter, so I got serial access fairly easily.

I did follow this wiki up to the make menuconfig and I guessed that I have to import the config from _files/ into .config.

If that's wrong, would it be a problem to write some guildes as to how to build the image with these changes?

I saw that this was mentioned:

the last fork of OpenWrt for the XTM 22 is in this repo

But I did get an syntex error during compilation, nor do I really know which settings to enable during compilation (the Y/n prompt).

Error: arch/arm/boot/dts/intel-ixp43x-watchguard-xtm21w.dts:175.3-176.1 syntax error
FATAL ERROR: Unable to parse input tree
make[6]: *** [scripts/Makefile.lib:364: arch/arm/boot/dts/intel-ixp43x-watchguard-xtm21w.dtb] Error 1
make[5]: *** [Makefile:1373: dtbs] Error 2
make[5]: *** Waiting for unfinished jobs....
  HOSTCC  scripts/genksyms/parse.tab.o
  HOSTCC  scripts/genksyms/lex.lex.o
  HOSTLD  scripts/genksyms/genksyms
make[5]: Leaving directory '/var/home/zastrix/Documents/openwrt/build_dir/target-armeb_xscale_musl/linux-ixp4xx/linux-5.18-rc1'
make[4]: *** [Makefile:26: /var/home/zastrix/Documents/openwrt/build_dir/target-armeb_xscale_musl/linux-ixp4xx/linux-5.18-rc1/.modules] Error 2
make[4]: Leaving directory '/var/home/zastrix/Documents/openwrt/target/linux/ixp4xx'
make[3]: *** [Makefile:11: compile] Error 2
make[3]: Leaving directory '/var/home/zastrix/Documents/openwrt/target/linux'
time: target/linux/compile#12.69#5.72#339.51
    ERROR: target/linux failed to build.
make[2]: *** [target/Makefile:30: target/linux/compile] Error 1
make[2]: Leaving directory '/var/home/zastrix/Documents/openwrt'
make[1]: *** [target/Makefile:23: /var/home/zastrix/Documents/openwrt/staging_dir/target-armeb_xscale_musl/stamp/.target_compile] Error 2
make[1]: Leaving directory '/var/home/zastrix/Documents/openwrt'
make: *** [/var/home/zastrix/Documents/openwrt/include/toplevel.mk:230: world] Error 2

Edit:

I'd definitely be willing to write documentation on how to do this + eventually create a Dockerfile for container-based builds of this project.

[ismailkisla]

Hey there! I also bought one from the flea market today and I tried to build my own image for OpenWRT with this but failed as this is my first time doing this so I'm probably doing something wrong.

Thankfully the router has an rj45 console connection and I'm using some random USB->Serial and a hand-made DB9 to rt45 adapter, so I got serial access fairly easily.

I did follow this wiki up to the make menuconfig and I guessed that I have to import the config from _files/ into .config.

If that's wrong, would it be a problem to write some guildes as to how to build the image with these changes?

I saw that this was mentioned:

the last fork of OpenWrt for the XTM 22 is in this repo

But I did get an syntex error during compilation, nor do I really know which settings to enable during compilation (the Y/n prompt).

Error: arch/arm/boot/dts/intel-ixp43x-watchguard-xtm21w.dts:175.3-176.1 syntax error
FATAL ERROR: Unable to parse input tree
make[6]: *** [scripts/Makefile.lib:364: arch/arm/boot/dts/intel-ixp43x-watchguard-xtm21w.dtb] Error 1
make[5]: *** [Makefile:1373: dtbs] Error 2
make[5]: *** Waiting for unfinished jobs....
  HOSTCC  scripts/genksyms/parse.tab.o
  HOSTCC  scripts/genksyms/lex.lex.o
  HOSTLD  scripts/genksyms/genksyms
make[5]: Leaving directory '/var/home/zastrix/Documents/openwrt/build_dir/target-armeb_xscale_musl/linux-ixp4xx/linux-5.18-rc1'
make[4]: *** [Makefile:26: /var/home/zastrix/Documents/openwrt/build_dir/target-armeb_xscale_musl/linux-ixp4xx/linux-5.18-rc1/.modules] Error 2
make[4]: Leaving directory '/var/home/zastrix/Documents/openwrt/target/linux/ixp4xx'
make[3]: *** [Makefile:11: compile] Error 2
make[3]: Leaving directory '/var/home/zastrix/Documents/openwrt/target/linux'
time: target/linux/compile#12.69#5.72#339.51
    ERROR: target/linux failed to build.
make[2]: *** [target/Makefile:30: target/linux/compile] Error 1
make[2]: Leaving directory '/var/home/zastrix/Documents/openwrt'
make[1]: *** [target/Makefile:23: /var/home/zastrix/Documents/openwrt/staging_dir/target-armeb_xscale_musl/stamp/.target_compile] Error 2
make[1]: Leaving directory '/var/home/zastrix/Documents/openwrt'
make: *** [/var/home/zastrix/Documents/openwrt/include/toplevel.mk:230: world] Error 2

Edit:

I'd definitely be willing to write documentation on how to do this + eventually create a Dockerfile for container-based builds of this project.

Hi. How do this not explanation here. I figured out how to do it myself

First you must create zimage and create boot image . Than write boot image to a usb stick. Dont use ubuntu for create images. Use arch linux.

[greguu]

@zastrixarundell Hi, first of all thanks for your interest. This kernel is work in progress and only covers XTM 2 series 21/22/23 models and their Wireless version 21-W/22-W/23-W as they are all identical IXP-4xx based hardware. However, the RJ45 console port is only available on the 25/25-W and 26/26-W models. These use a different boot-loader (U-Boot) that is also password locked! I do not have any of these and the password is not known, hence this port does not cover this model, unfortunately.

[zastrixarundell]

@zastrixarundell Hi, first of all thanks for your interest. This kernel is work in progress and only covers XTM 2 series 21/22/23 models and their Wireless version 21-W/22-W/23-W as they are all identical IXP-4xx based hardware. However, the RJ45 console port is only available on the 25/25-W and 26/26-W models. These use a different boot-loader (U-Boot) that is also password locked! I do not have any of these and the password is not known, hence this port does not cover this model, unfortunately.

Thanks for the answer! I spent hours trying to hook up an internal UART port thinking that the rj45 is just doesn't allow to use the password (as I was not getting an error when I typed the one linked in this repo so I thought that it was just not allowed via the accessible port).

In this scenario I'm probably going to keep it somewhere as a glorified switch, if I can even use it like one, but if in any case you want to update the scope of this project just tag me here. I have these two models:

HW MODEL # XP2E62 HW MODEL # FS1E5W

[greguu]

@zastrixarundell If you want, can you share some photo of the mainboard to see the internal layout of these models as well as the boot prompt you get via the RJ45 port ? Just to complete the picture. Perhaps try some U-Boot commands to see if you can get the version and more details etc. I assume it should tell you if you enter the correct password and allow further commands. For the password prompt on Redboot you need to push CTRL+C at boot, not sure about U-Boot.

[zastrixarundell]

Thanks for the answer @greguu.

Here's the menu (yes I can CTRL+C and type in the password). After typing in the password from the repo it just ignores the input and I can use my arrow keys to continue booting.

          WatchGuard U-Boot 2011.03 - 430854 - Sep 17 2013 14:10:34

 +-------------------------------------------------------------------------+
 |WatchGuard (SYSA)                                                        |
 |WatchGuard (SYSB)                                                        |
 |WatchGuard (SAFE MODE)                                                   |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 +-------------------------------------------------------------------------+

      Use the ^ and v keys to select which entry is highlighted.
      Press enter to boot the selected OS.

password> 

Here is the entire boot sequence:

          WatchGuard U-Boot 2011.03 - 430854 - Sep 17 2013 14:10:34

 +-------------------------------------------------------------------------+
 |WatchGuard (SYSA)                                                        |
 |WatchGuard (SYSB)                                                        |
 |WatchGuard (SAFE MODE)                                                   |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 +-------------------------------------------------------------------------+

      Use the ^ and v keys to select which entry is highlighted.
      Press enter to boot the selected OS.

password> asdasdasd
Booting SYSA

NAND read: device 0 offset 0x20000, size 0x500000
Bad block table found at page 131008, version 0x01
Bad block table found at page 130944, version 0x01
nand_read_bbt: Bad block at 0x000001f60000
nand_read_bbt: Bad block at 0x000002420000
nand_read_bbt: Bad block at 0x000005cc0000
nand_read_bbt: Bad block at 0x000007d40000
 5242880 bytes read: OK
## Booting kernel from FIT Image at 01000000 ...
   Using 'conf@1' configuration
   Trying 'kernel@1' kernel subimage
     Description:  WatchGuard Kernel
     Type:         Kernel Image
     Compression:  gzip compressed
     Data Start:   0x010000cc
     Data Size:    2919777 Bytes = 2.8 MiB
     Architecture: PowerPC
     OS:           Linux
     Load Address: 0x00000000
     Entry Point:  0x00000000
     Hash algo:    crc32
     Hash value:   2f9ae4d7
     Hash algo:    sha1
     Hash value:   2234353c9c5c5b521ee5a09d6e0f61101afd58d0
   Verifying Hash Integrity ... crc32+ sha1+ OK
## Flattened Device Tree from FIT Image at 01000000
   Using 'conf@1' configuration
   Trying 'fdt@1' FDT blob subimage
     Description:  Flattened Device Tree blob
     Type:         Flat Device Tree
     Compression:  uncompressed
     Data Start:   0x012c8f58
     Data Size:    9867 Bytes = 9.6 KiB
     Architecture: PowerPC
     Hash algo:    crc32
     Hash value:   a937f12f
     Hash algo:    sha1
     Hash value:   be4a0630b151dcf676c537f39afd699d60e1bec4
   Verifying Hash Integrity ... crc32+ sha1+ OK
   Booting using the fdt blob at 0x12c8f58
   Uncompressing Kernel Image ... OK
   Loading Device Tree to 00ffa000, end 00fff68a ... OK
[    0.000000] Reserving 16MB of memory at 256MB for crashkernel (System RAM: 512MB)
[    0.000000] Using P1020 RDB machine description
[    0.000000] Only using first contiguous memory region
[    0.000000] Memory CAM mapping: 256/256 Mb, residual: 0Mb
[    0.000000] Linux version 3.0.34 (release@cmfarm03) (gcc version 4.4.5 (WatchGuard Inc./crosstool-ng version: 0.1.5/1.9.0) ) #1 SMP Sun Sep 21 19:15:56 PDT 2014
[    0.000000] CPU maps initialized for 1 thread per core
[    0.000000] bootconsole [udbg0] enabled
setup_arch: bootmem
mpc85xx_rdb_setup_arch()
[    0.000000] Found FSL PCI host bridge at 0x00000000ffe0a000. Firmware bus number: 0->1
[    0.000000] PCI host bridge /pcie@ffe0a000  ranges:
[    0.000000]  MEM 0x0000000080000000..0x000000009fffffff -> 0x0000000080000000 
[    0.000000]   IO 0x00000000ffc00000..0x00000000ffc0ffff -> 0x0000000000000000
[    0.000000] /pcie@ffe0a000: PCICSRBAR @ 0xfff00000
[    0.000000] MPC85xx RDB board from Freescale Semiconductor
arch: exit
[    0.000000] Zone PFN ranges:
[    0.000000]   DMA      0x00000000 -> 0x00020000
[    0.000000]   Normal   empty
[    0.000000] Movable zone start PFN for each node
[    0.000000] early_node_map[1] active PFN ranges
[    0.000000]     0: 0x00000000 -> 0x00020000
[    0.000000] MMU: Allocated 1088 bytes of context maps for 255 contexts
[    0.000000] PERCPU: Embedded 7 pages/cpu @a0b13000 s5728 r8192 d14752 u32768
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 130048
[    0.000000] Kernel command line: root=/dev/mtdblock8 rw rootfstype=jffs2 console=ttyS0,115200 ramdisk_size=600000
[    0.000000] PID hash table entries: 2048 (order: 1, 8192 bytes)
[    0.000000] Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
[    0.000000] Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
[    0.000000] Memory: 496068k/524288k available (5732k kernel code, 28220k reserved, 264k data, 1221k bss, 228k init)
[    0.000000] Kernel virtual memory layout:
[    0.000000]   * 0xfffdf000..0xfffff000  : fixmap
[    0.000000]   * 0xfdfeb000..0xfe000000  : early ioremap
[    0.000000]   * 0xc1000000..0xfdfeb000  : vmalloc & ioremap
[    0.000000] SLUB: Genslabs=15, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] Hierarchical RCU implementation.
[    0.000000] NR_IRQS:512
[    0.000000] mpic: Setting up MPIC " OpenPIC  " version 1.2 at ffe40000, max 1 CPUs
[    0.000000] mpic: ISU size: 256, shift: 8, mask: ff
[    0.000000] mpic: Initializing for 256 sources
[    0.000000] clocksource: timebase mult[7800001] shift[22] registered
[    0.000000] Console: colour dummy device 80x25
[    0.010795] pid_max: default: 32768 minimum: 301
L�}�JQPD[P�!.cYY�Q[���J564�[@�b$���W�)P
                                                                                                                            2![*+A��*�[    2.697882] Empty flash at 0x058f74c0 ends at 0x058f7800
[    3.419702] VFS: Mounted root (jffs2 filesystem) on device 31:8.[!.�,�9��XKqP+��51�BX��V@[P!.X���B9W9I:��Vk)V�K��
[    3.425803] Freeing unused kernel memory: 228k init
[    8.155412] Running /etc/runlevel/1/S02rootrw...Done.
[    8.163560] Running /etc/runlevel/1/S05mproc...Done.
[    8.166057] Running /etc/runlevel/1/S05sysfs...Done.
[    8.168957] Running /etc/runlevel/1/S18seed-random...Reseeded random generator
[    8.236671] Done.
[    8.297808] Running /etc/runlevel/2/S10var...Done.
[    8.313814] Running /etc/runlevel/2/S11shm...Done.
[    8.322340] Running /etc/runlevel/2/S13devpts...Done.
[    8.347303] Running /etc/runlevel/2/S14temp...Done.
[    8.349904] Running /etc/runlevel/2/S16pending...Done.
[    8.350994] Running /etc/runlevel/2/S17talitos...[    8.109702] talitos ffe30000.crypto: hwrng
[    8.114000] alg: No test for authenc(hmac(sha1),cbc(aes)) (authenc-hmac-sha1-cbc-aes-talitos)
[    8.122761] talitos ffe30000.crypto: authenc-hmac-sha1-cbc-aes-talitos
[    8.129562] alg: No test for authenc(hmac(sha1),cbc(des3_ede)) (authenc-hmac-sha1-cbc-3des-talitos)
[    8.138819] talitos ffe30000.crypto: authenc-hmac-sha1-cbc-3des-talitos
[    8.146428] setting trigger mode 0 for irq 37 failed (mpc8xxx_irq_set_type+0x0/0x118)
[    8.154885] setting trigger mode 0 for irq 38 failed (mpc8xxx_irq_set_type+0x0/0x118)
[    8.163221] setting trigger mode 0 for irq 39 failed (mpc8xxx_irq_set_type+0x0/0x118)
[    8.171525] setting trigger mode 0 for irq 40 failed (mpc8xxx_irq_set_type+0x0/0x118)
[    8.179828] setting trigger mode 0 for irq 41 failed (mpc8xxx_irq_set_type+0x0/0x118)
[    8.188134] setting trigger mode 0 for irq 44 failed (mpc8xxx_irq_set_type+0x0/0x118)
[    8.196429] setting trigger mode 0 for irq 46 failed (mpc8xxx_irq_set_type+0x0/0x118)
[    8.208800] alg: No test for authenc(hmac(sha256),cbc(aes)) (authenc-hmac-sha256-cbc-aes-talitos)
[    8.218245] talitos ffe30000.crypto: authenc-hmac-sha256-cbc-aes-talitos
[    8.225414] alg: No test for authenc(hmac(sha256),cbc(des3_ede)) (authenc-hmac-sha256-cbc-3des-talitos)
[    8.235197] talitos ffe30000.crypto: authenc-hmac-sha256-cbc-3des-talitos
[    8.242429] alg: No test for authenc(hmac(md5),cbc(aes)) (authenc-hmac-md5-cbc-aes-talitos)
[    8.251169] talitos ffe30000.crypto: authenc-hmac-md5-cbc-aes-talitos
[    8.258054] alg: No test for authenc(hmac(md5),cbc(des3_ede)) (authenc-hmac-md5-cbc-3des-talitos)
[    8.267318] talitos ffe30000.crypto: authenc-hmac-md5-cbc-3des-talitos
[    8.274593] talitos ffe30000.crypto: cbc-aes-talitos
[    8.279971] talitos ffe30000.crypto: cbc-3des-talitos
[    8.287469] talitos ffe30000.crypto: md5-talitos
[    8.292608] talitos ffe30000.crypto: sha1-talitos
[    8.297725] talitos ffe30000.crypto: sha224-talitos
[    8.303005] talitos ffe30000.crypto: sha256-talitos
[    8.308417] talitos ffe30000.crypto: sha384-talitos
[    8.313803] talitos ffe30000.crypto: sha512-talitos
[    8.318942] alg: No test for authenc(hmac(sha1),cbc(cipher_null)) (authenc-hmac-sha1-cbc-cipher-null-talitos)
[    8.329075] talitos ffe30000.crypto: authenc-hmac-sha1-cbc-cipher-null-talitos
[    8.336561] alg: No test for authenc(hmac(sha256),cbc(cipher_null)) (authenc-hmac-sha256-cbc-cipher-null-talitos)
[    8.347034] talitos ffe30000.crypto: authenc-hmac-sha256-cbc-cipher-null-talitos
[    8.354696] alg: No test for authenc(hmac(sha384),cbc(cipher_null)) (authenc-hmac-sha384-cbc-cipher-null-talitos)
[    8.365167] talitos ffe30000.crypto: authenc-hmac-sha384-cbc-cipher-null-talitos
[    8.372830] alg: No test for authenc(hmac(sha512),cbc(cipher_null)) (authenc-hmac-sha512-cbc-cipher-null-talitos)
[    8.383299] talitos ffe30000.crypto: authenc-hmac-sha512-cbc-cipher-null-talitos
[    8.390966] alg: No test for authenc(hmac(sha384),cbc(aes)) (authenc-hmac-sha384-cbc-aes-talitos)
[    8.400043] talitos ffe30000.crypto: authenc-hmac-sha384-cbc-aes-talitos
[    8.407006] alg: No test for authenc(hmac(sha384),cbc(des3_ede)) (authenc-hmac-sha384-cbc-3des-talitos)
[    8.416608] talitos ffe30000.crypto: authenc-hmac-sha384-cbc-3des-talitos
[    8.423657] alg: No test for authenc(hmac(sha512),cbc(aes)) (authenc-hmac-sha512-cbc-aes-talitos)
[    8.432744] talitos ffe30000.crypto: authenc-hmac-sha512-cbc-aes-talitos
[    8.439710] alg: No test for authenc(hmac(sha512),cbc(des3_ede)) (authenc-hmac-sha512-cbc-3des-talitos)
[    8.449312] talitos ffe30000.crypto: authenc-hmac-sha512-cbc-3des-talitos
[    8.456376] alg: No test for authenc(digest_null,cbc(aes)) (authenc-digest-null-cbc-aes-talitos)
[    8.465367] talitos ffe30000.crypto: authenc-digest-null-cbc-aes-talitos
[    8.472349] alg: No test for authenc(digest_null,cbc(des3_ede)) (authenc-digest-null-cbc-3des-talitos)
[    8.481864] talitos ffe30000.crypto: authenc-digest-null-cbc-3des-talitos
[    8.488936] talitos ffe30000.crypto: ablk-cbc-aes-talitos
[    8.494604] talitos ffe30000.crypto: ablk-cbc-3des-talitos
[    8.500371] alg: No test for auth(sha1) (auth-sha1-talitos)
[    8.506140] talitos ffe30000.crypto: auth-sha1-talitos
[    8.511533] alg: No test for auth(sha256) (auth-sha256-talitos)
[    8.517651] talitos ffe30000.crypto: auth-sha256-talitos
[    8.523223] alg: No test for auth(sha384) (auth-sha384-talitos)
[    8.529341] talitos ffe30000.crypto: auth-sha384-talitos
[    8.534919] alg: No test for auth(sha512) (auth-sha512-talitos)
[    8.541048] talitos ffe30000.crypto: auth-sha512-talitos
Done.
[    8.997172] Running /etc/runlevel/2/S18data...[    8.913823] Empty flash at 0x00de48a4 ends at 0x00de5000
Done.
[   10.740974] Running /etc/runlevel/2/S18hotplug...Done.
[   14.127075] Running /etc/runlevel/2/S18kdump...Done.
[   18.105751] Running /etc/runlevel/2/S19fips...Done.
[   18.111638] Running /etc/runlevel/2/S19ipv6...disabling IPv6 autoconf for all
[   18.115428] disabling IPv6 autoconf for default
[   18.115773] enable IPv6 forwarding for all
[   18.116065] enable IPv6 forwarding for default
[   18.116401] disabling IPv6 for all
[   18.116637] disabling IPv6 for default
[   18.116901] Done.
[   18.117128] Running /etc/runlevel/2/S20cleanup-dbg...Done.
[   18.121112] Running /etc/runlevel/2/S20fipstest...Done.
[   18.121513] Running /etc/runlevel/2/S20sigs...Done.
[   19.546917] Running /etc/runlevel/2/S20usb...[   19.147199] Initializing USB Mass Storage driver...
[   19.155596] usbcore: registered new interface driver usb-storage
[   19.161692] USB Mass Storage support registered.
Done.
[   19.616873] Running /etc/runlevel/2/S20wgbase...[   19.182476] wgipc: module license 'Watchguard Proprietary' taints kernel.
[   19.189316] Disabling lock debugging due to kernel taint
Done.
[   19.656598] Running /etc/runlevel/2/S21eth...[   19.230588] 
[   19.230593] wg_dsa_init: Built Sep 21 2014 19:17:46 P1011 SW 1 Flags 2929
[   19.230599] 
[   19.240459] wg_dsa_init: Rename eth1 -> eth3
[   19.248808] wg_dsa_init: Rename eth0 -> sw10
[   19.260458] Distributed Switch Architecture driver version 0.1
[   19.268699] sw10[0]: detected a Marvell 88E6171 switch
[   19.844659] dsa slave smi: probed
[   19.848032] dsa_slave_create: eth0 Marvell headers enabled, len 16
[   19.908416] dsa_slave_create: eth1 Marvell headers enabled, len 16
[   19.968366] dsa_slave_create: eth2 Marvell headers enabled, len 16
[   20.028398] wg_dsa_init: Split sw10
[   20.031903] wg_dsa_init: Rename eth3 -> sw11
[   20.046167] sw11[0]: detected a Marvell 88E6171 switch
[   20.626921] dsa slave smi: probed
[   20.630366] dsa_slave_create: eth3 Marvell headers enabled, len 16
[   20.690335] dsa_slave_create: eth4 Marvell headers enabled, len 16
[   20.751902] wg_dsa_init: Split sw11
[   22.761614] gfar_init_mac: sw10: L2OFF  2  Pad   8 RCTRL   20817ca
[   22.768414] ADDRCONF(NETDEV_UP): sw10: link is not ready
[   22.778064] gfar_init_mac: sw11: L2OFF  2  Pad   8 RCTRL   20817ca
[   22.784823] ADDRCONF(NETDEV_UP): sw11: link is not ready
Done.
[   23.240889] Running /etc/runlevel/2/S22login...Done.
[   23.243484] Running /etc/runlevel/2/S22rtc...Done.
[   23.252920] Running /etc/runlevel/2/S23pppoe...[   22.854223] PPP generic driver version 2.4.2
[   22.899663] PPP MPPE Compression module registered
[   22.913413] PPP Deflate Compression module registered
[   22.926325] NET: Registered protocol family 24
Done.
[   23.398976] Running /etc/runlevel/2/S23sslvpn...[   22.976229] tun: Universal TUN/TAP device driver, 1.6
[   22.981356] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Done.
[   23.443074] Running /etc/runlevel/2/S24l2tpvpn...[   23.016948] L2TP core driver, V2.0
[   23.032550] L2TP netlink interface
[   23.059341] PPPoL2TP kernel driver, V2.0
Done.
[   23.513867] Running /etc/runlevel/2/S25core...Done.
[   23.519323] Running /etc/runlevel/2/S25wgcfg...[   24.756291] PHY: 0:01 - Link is Up - 1000/Full
[   24.761323] ADDRCONF(NETDEV_CHANGE): sw10: link becomes ready
[   24.772337] PHY: 0:02 - Link is Up - 1000/Full
[   24.777171] ADDRCONF(NETDEV_CHANGE): sw11: link becomes ready
Info: No conversion required from version 11.9.3 to 11.9.3.
[   28.389624] Done.
[   28.389793] Running /etc/runlevel/2/S27cfgcheck...Config ok
[   30.934335] Done.
[   30.934523] Running /etc/runlevel/2/S29firewall...Done.
[   30.937218] Running /etc/runlevel/2/S29wgcore...Done.
[   30.974731] Running /etc/runlevel/2/S30bonding...[   30.628317] bonding: Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
[   30.635515] bonding: MII link monitoring set to 100 ms
Done.
[   31.091317] Running /etc/runlevel/2/S30net...[   30.725195] Bridge firewalling registered
[   30.750745] Ebtables v2.0 registered
[   30.867576] GRE over IPv4 demultiplexor driver
[   30.897400] GRE over IPv4 tunneling driver
[   30.916403] bvpn vif handlers are registered
[   30.954372] 802.1Q VLAN Support v1.8
Done.
[   31.425689] Running /etc/runlevel/2/S30upgrade...Done.
[   31.432692] Running /etc/runlevel/2/S31cacert...Done.
[   31.669754] Running /etc/runlevel/2/S31cert...[   35.881796] JFFS2 notice: (200) check_node_data: wrong data CRC in data node at 0x05c19c70: read 0xd8d54e2f, calculated 0x3f7d0134.
Done.
[   38.031628] Running /etc/runlevel/2/S31crypto...Done.
[   38.073524] Running /etc/runlevel/2/S31purgecert...Done.
[   38.075013] Running /etc/runlevel/2/S31xtables...[   37.638335] Netfilter messages via NETLINK v0.30.
[   37.664006] ip_set_init[1869]: ip_set: protocol 5
[   37.968360] nf_conntrack version 0.5.0 (7770 buckets, 31080 max)
[   37.974627] nf_conntrack_init_init_net: conntrack max=31080 high water mark=24864
[   38.031671] ip_tables: (C) 2000-2006 Netfilter Core Team
[   38.091286] nf_ct_ftp: Maximum expected value 1
[   38.208660] NF_TPROXY: Transparent proxy support initialized, version 4.1.0
[   38.215679] NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.
[   38.255022] ctnetlink v0.93: registering with nfnetlink.
[   38.539698] arp_tables: (C) 2002 David S. Miller
[   38.629212] u32 classifier
[   38.631944]     Performance counters on
[   38.635818]     input device check on
[   38.639495]     Actions configured
[   38.688883] Mirror/redirect action on
Done.
[   39.166928] Running /etc/runlevel/2/S31xtables6...Done.
[   39.229803] Running /etc/runlevel/2/S32auth...Done.
[   39.263325] Running /etc/runlevel/2/S32clst...Done.
[   39.416861] Running /etc/runlevel/2/S32modemdrivers...[   39.011078] USB Serial support registered for GSM modem (1-port)
[   39.020686] usbcore: registered new interface driver option
[   39.026325] option: v0.7.2:USB Driver for GSM modems
[   39.054471] USB Serial support registered for Sierra USB modem
[   39.063549] usbcore: registered new interface driver sierra
[   39.069204] wg_sierra: v.1.7.40:USB Driver for Sierra Wireless USB modems
[   39.103422] usbcore: registered new interface driver cdc_acm
[   39.109190] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
[   39.135015] USB Serial support registered for GobiSerial
[   39.145828] usbcore: registered new interface driver GobiSerial
[   39.151848] GobiSerial: 2013-10-08/NTGR_2.12
[   39.192679] usbcore: registered new interface driver cdc_ether
[   39.215938] usbcore: registered new interface driver rndis_host
[   39.242132] usbcore: registered new interface driver sierra_net
[   39.311446] GobiNet: 2013-10-08/NTGR_2.21
[   39.321033] usbcore: registered new interface driver GobiNet
Done.
[   39.777210] Running /etc/runlevel/2/S32wgxt...[   39.357503] ipt_addrpairs_6 v0.1.0: Loading
[   39.402701] xt_session6 : Loading
[   39.406109] xt_session6 : Loaded limit 1000 hash 1024 WG IPC ID 184549376 (0x0B000000)
[   39.480791] ipt_addrpairs: ADDRPAIRS SCALE Set MAX 16384 Entry Max 16384
[   39.487758] ipt_addrpairs: v1.0.0 Loaded
[   39.517940] xt_ifset: Loaded with set limit 5000 and entry limit 5000
[   39.531733] xt_classify : Loaded
[   39.542442] xt_master: Loaded
[   39.552904] xt_MASTER: Loaded
[   39.563500] xt_WGTEE: Loaded
[   39.574914] Schedule: Loaded
[   39.584673] xt_POLICY: Loaded
[   39.595508] xt_policy : Loaded
[   39.605974] xt_EXPIRES: Loaded
[   39.616151] xt_IPPRECEDENCE: Loaded
[   39.632510] xt_PKTCACHE: Loaded
[   39.684607] xt_session : Loaded limit 1000 hash 1024 WG IPC ID 92274688 (0x05800000)
[   39.749521] xt_CONNCLASSIFY: Loaded
[   39.759714] xt_connclassify : Loaded
[   39.772348] xt_ipspoof : Loaded
[   39.827425] xt_LBDNAT: Loaded
[   39.865949] xt_MWAN: Loaded
[   39.891562] xt_psd: Loaded
[   39.904311] xt_ipsd: Loaded
[   39.917028] xt_ddos: Loaded
[   39.930221] xt_dos: Loaded
[   39.953850] xt_wgaccount: Loaded
[   40.011580] xt_block : Loaded limit 1000 hash 1024 WG IPC ID 155189248
[   40.033417] xt_localroute: Loaded
[   40.051472] xt_duplicate: Loaded
[   40.085045] xt_WGCLASSIFY: Loaded
Done.
[   40.565823] Running /etc/runlevel/2/S33appID...[   40.489786] * Make sure sizeof(struct sw_struct)=76 is consistent
[   40.505692] WG workqueue: Loaded
[   40.576908] bw driver: Loaded
Done.
[   41.030400] Running /etc/runlevel/2/S35nropen...updated /proc/sys/fs/nr_open with new value: 2097152
[   41.035509] Done.
[   41.040382] Running /etc/runlevel/2/S35proxy...[   40.602175] Proxy glue: Loaded 19:27:53 (196)
Setting the proxy tmpfs size to size=121m.
[   41.178748] Done.
[   41.178977] Running /etc/runlevel/2/S35scand...Done.
[   48.877292] Running /etc/runlevel/2/S36dynroute...Done.
[   48.879721] Running /etc/runlevel/2/S42ssh...Done.
[   48.884992] Running /etc/runlevel/2/S44sysb...Done.
[   49.374709] Running /etc/runlevel/2/S50nettune...Setting IPv4 route garbage collection timeout to 2 minutes
[   49.377725] Setting promote_secondaries to 1
[   49.378067] Done.
[   49.379352] Running /etc/runlevel/2/S53configdhash...Done.
[   49.380396] Running /etc/runlevel/2/S54[   48.949249] Compat-wireless backport release: compat-wireless-v3.6.8-1
wireless...[   48.956877] Backport based on linux-stable.git v3.6.8
[   48.962851] compat.git: linux-stable.git
[   49.170060] cfg80211: Calling CRDA to update world regulatory domain
[   49.190752] cfg80211: World regulatory domain updated:
[   49.195969] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[   49.204187] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   49.211963] cfg80211:   (2457000 KHz - 2482000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   49.219736] cfg80211:   (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   49.227511] cfg80211:   (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   50.082340] cfg80211: Calling CRDA for country: US
[   50.090644] ieee80211 phy0: Atheros AR9300 Rev:3 mem=0xc52c0000, irq=16
start load wireless modules
[   50.553971] Done.
[   50[   50.108154] cfg80211: Regulatory domain changed to country: US
.554108] Running[   50.114611] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
 /etc/runlevel/2[   50.124150] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2700 mBm)
/S80seed-random.[   50.133295] cfg80211:   (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 1700 mBm)
..[   50.142432] cfg80211:   (5250000 KHz - 5330000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   50.150337] cfg80211:   (5490000 KHz - 5600000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   50.158111] cfg80211:   (5650000 KHz - 5710000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[   50.165885] cfg80211:   (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 3000 mBm)
[   50.173658] cfg80211:   (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 4000 mBm)
Saved random seed
[   50.666135] Done.
[   50.666421] Running /etc/runlevel/2/S90bootmon...Done.
[   50.682920] Running /etc/runlevel/2/S90kcrashrep...Done.
[   50.686081] Running /etc/runlevel/2/S98setmacs...setting device eth0 to 00:90:7f:a2:e8:48
[   50.831251] setting device eth1 to 00:90:7f:a2:e8:49
[   50.831643] setting device eth2 to 00:90:7f:a2:e8:4a
[   50.832008] setting device eth3 to 00:90:7f:a2:e8:4b
[   50.832372] setting device eth4 to 00:90:7f:a2:e8:4c
[   50.833514] Done.
[   50.833654] Running /etc/runlevel/2/S99igmp...Done.
[   50.836374] Running /etc/runlevel/2/S99rootro...Done.
[   58.799204] xt_connbytes: Forcing CT accounting to be enabled
[   60.448963] xt_wgaccount: Requested policy limit 9 is not larger than current limit 100 so limit will not change
[   61.291419] xt_session: TS is shut down by configuration data, ts count: 0 len : 0
[   65.147774] device sw10 entered promiscuous mode
[   65.152759] ADDRCONF(NETDEV_UP): eth0: link is not ready
[   65.489277] ADDRCONF(NETDEV_UP): eth1: link is not ready
[   65.515873] ADDRCONF(NETDEV_UP): eth2: link is not ready
[   65.541632] device sw11 entered promiscuous mode
[   65.546532] ADDRCONF(NETDEV_UP): eth3: link is not ready
[   65.572530] ADDRCONF(NETDEV_UP): eth4: link is not ready
[   66.119806] Running /etc/runlevel/4/S54setmacwifi...setmacs(wifi): set wlan0 interface mac address to 00:90:7F:A2:E8:4E
[   66.137835] Done.

WatchGuard-XTM login:

Here is the archived URL for the xtm2 model which I have. It has the images of the motherboard on both sides.

It's 3am here so I'll send the images (and boot log) for the other machine tomorrow during the day. It has an rs232 connector which I can thankfully connect to.

Also quick question: Which type of VPN services does this project support when it's being ran on the mechine? Does it support only OpenVPN or does it also support Wireguard VPN?

[greguu]

@zastrixarundell Thanks for these details.

Once you boot into the vendor system, you can logon usually using the default credentials. Once in, you can dump more info to a USB stick that you plugin, such as system details, kernel modules used etc, via various system specific commands. If you have a vendor logon to their support site, you can download a image file you can extract and inspect as well for kernel config etc. However, this is in the end only useful if there is a way to flash a custom U-Boot or get the U-Boot password, so you can boot your own kernel and rootfs. I did ask the vendor ages ago about their kernel source, but never heard back. I doubt they release the U-Boot password.

The specs on these boxes are still reasonable and with a bit of effort run a recent linux kernel that will allow you OpenWrt etc and your choice of VPN. For the 21-W model, I managed to get most things working, just not the NAND and the Realtek switch yet. However, its time consuming work to keep up with mainline and re-build and test. I will continue with the IXP4xx based models eventually.

[corzani]

Hi all, what about XTM 800 series? Does anyone ever dealt with it? http://watchguard.optrics.com/images/products/xtm/xtm800-mainprod.jpg

[greguu]

@corzani Hi, the XTM 800/1500 series should be x86_64 and have an unlocked bootloader. Also around are their predecessors, X750/1000/1250 series, based on X86_32. You can find some guides online on how to run alternative OS on these. This project just covers the XTM21/22/23 series

[readnotify]

Has anyone considered a different approach... simply adjusting the existing system to let you remove their custom stuff and manually set up whatever config you want through a shell?

e.g. I see this in the boot... [ 48.879721] Running /etc/runlevel/2/S42ssh...Done.

I've done something similar in the past on a netgear router - once inside, I found "busybox" with every tool I could want, plus google lead me to some other custom binaries that run on that device just fine.

[greguu]

@readnotify I explored it, but as you say, its rather custom setup that Watchguard has on these, including an ancient 2.6 kernel and some licensing stuff. While its relatively easy to get the vendor rootfs out of the offical upgrade file, it would be a bit of messing around to get some static binaries injected that will run with this old kernel. IMHO, the best approach is still to complete the device-tree for this board and get the RTK switch going on 6.x kernel. Its actually not that much more work for someone familiar with the matter as just the NAND config in the .dts and the Realtek switch are missing.

[ellisonmax]

Hello friend, Thank you for your project! I have five unused xtm21w devices and I'm trying to give new life to one of them. I tried the v18.06.9 version of OpenWrt, and it generated the following files:

root@debian:~/openwrt/bin/targets/ixp4xx/generic# ls -lha
total 65M
drwxr-xr-x 4 root root 4.0K Jul 22 16:19 .
drwxr-xr-x 3 root root 4.0K Jul 22 15:55 ..
drwxr-xr-x 2 root root 4.0K Jul 22 16:02 apex
-rw-r--r-- 1 root root  147 Jul 22 15:55 config.seed
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-ap1000-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-ap42x-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-avila-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-cambria-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-compex-zImage
-rw-r--r-- 1 root root 2.0K Jul 22 16:19 openwrt-ixp4xx-generic-default.manifest
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-dsmg600-zImage
-rw-r--r-- 1 root root 3.6M Jul 22 16:19 openwrt-ixp4xx-generic-fsg3-squashfs.img
-rw-r--r-- 1 root root 3.6M Jul 22 16:19 openwrt-ixp4xx-generic-fsg3-squashfs-webupgrade.img
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-fsg3-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-gateway7001-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-ixdpg425-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-loft-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-nas100d-zImage
-rw-r--r-- 1 root root  16M Jul 22 16:19 openwrt-ixp4xx-generic-nslu2-squashfs-16mb.bin
-rw-r--r-- 1 root root 8.0M Jul 22 16:19 openwrt-ixp4xx-generic-nslu2-squashfs.bin
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-nslu2-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-pronghornmetro-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-pronghorn-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-sidewinder-zImage
-rw-r--r-- 1 root root 2.2M Jul 22 16:19 openwrt-ixp4xx-generic-squashfs.img
-rw-r--r-- 1 root root 3.5M Jul 22 16:19 openwrt-ixp4xx-generic-squashfs-sysupgrade.bin
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-tw2662-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-tw5334-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-wg302v1-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-wg302v2-zImage
-rw-r--r-- 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-wrt300nv2-zImage
-rwxr-xr-x 1 root root 1.4M Jul 22 16:18 openwrt-ixp4xx-generic-zImage
drwxr-xr-x 2 root root 4.0K Jul 22 16:19 packages
-rw-r--r-- 1 root root 3.0K Jul 22 16:19 sha256sums

I loaded the file openwrt-ixp4xx-generic-zImage via serial but it doesn't load. It stops at this point:

RedBoot>                                                                                                           
RedBoot> load -m ymodem -r -v -b %{FREEMEMLO} zImage                                                               
CRaw file loaded 0x001d0000-0x0031e88f, assumed entry at 0x001d0000                                                
xyzModem - CRC mode, 10708(SOH)/1(STX)/0(CAN) packets, 6 retries                                                   
RedBoot>                                                                                                           
RedBoot>                                                                                                           
RedBoot> exec -c "console=ttyS0,115200 root=/dev/sda1 rootdelay=12" -w 5                                           
argc:5                                                                                                             
argv:exec                                                                                                          
argv:-c                                                                                                            
argv:console=ttyS0,115200 root=/dev/sda1 rootdelay=12                                                              
argv:-w                                                                                                            
argv:5                                                                                                             
About to start execution at 0x06000000 - abort with ^C within 5 seconds                                            
Using base address 0x001d0000 and length 0x0014e890                                                                
Uncompressing Linux... done, booting the kernel.

Any idea what I'm doing wrong?

[greguu]

@ellisonmax Hello, it seems the kernel you are trying to boot does not have serial console output enabled. The last OpenWrt test build I did was using these sources https://github.com/greguu/openwrt Building from these should create a Watchguard specific zImage and a very basic rootfs. You still need to add the watchguard specific .dtb file (it will be build as well) to the zImage ,eg. cat zImage <filename>.dtb > zImage_w_dtb before you can boot it. I have not worked on this since last year unfortunately, but hope to pick up on it again.

[greguu]

@LeonG71 Thanks, I was following LinusW effort to revive ixp4xx support in OpenWrt. I have updated the patches for v6.1 and did a build for those interested.

rootfs and kernel: https://github.com/greguu/openwrt/releases/tag/ixp4xx-v6.1 patches: https://github.com/openwrt/openwrt/commit/621ef48c15922333b7caf7223222d3c22c61aecc

Hopefully I can get some of the outstanding issues resolved so Watchguard support is part of the ixp4xx revival merge into OpenWrt.

[LeonG71]

8366SR datasheet http://realtek.info/pdf/rtl8366s_8366sr_datasheet_vpre-1.4_20071022.pdf , as used in XTM X21-W

and the already supported 8366S datasheet... http://realtek.info/pdf/rtl8366_8369_datasheet_1-1.pdf

Watchguard says "RTL8366 TMIIOneArm success!" OneARM an 8366 mode where the 8366 has one ethernet link to the xscale (rather than 2 that other modes use ?) and it will tell how to configure the cpu and 8366.

xscale CPU used one ethernet to talk to realtek , and watchguard gets it turn into three by vlan tags ... vendor logs three Vlan TAGS on eth3,4,5 ... So there is 3 10/100 ports and 3 gigabit capable ... the board has 3 small transformers, and two larger ones. Not that we need to do the vlan thing, we could let it work as a switch ..

RTC is s35390a data "0-0030" my wifi card is Atheros AR9160 MAC/BB Rev:1 AR5133

[greguu]

@LeonG71 Thanks for the details around the 8366SR, and the VLAN, I will look further into this. I suspected the WAN port to be a ixp4xx native ethernet as eth0, but you confirmed it. So eth1-5 are Realtek Switch ports via VLAN. Its confusing how these get split between NPE PHYs, I do no yet understand this part.

Vendor log:

ixp400_eth: eth0 is using NPE C PHY 16      
ixp400_eth: eth1 is using NPE C PHY 17      
ixp400_eth: eth2 is using NPE C PHY 18      
ixp400_eth: eth3 is using NPE A PHY 32      
ixp400_eth: eth4 is using NPE A PHY 33      
ixp400_eth: eth5 is using NPE A PHY 34 

eth3 to eth5 also get Realtek tagged, the others do not:

ixp400_eth: eth3 Realtek Tag 9001
ixp400_eth: eth4 Realtek Tag 9002
ixp400_eth: eth5 Realtek Tag 9004

Thanks for identifying the RTC, I will look into adding this to the device tree.

The CH341 way of accessing the UART is interesting, can you share more details ? It got some of these, but used them only for BIOS flashing / backups. I assume you can use the pins for that.

The WiFi card would possibly be the same for all the XTM21/22/23-W models and is supported as far as I can tell.

Currently, the focus is on getting the NAND going, it is apparently using Chip Select 1 and uses gpio-control-nand, instead of gen-nand. I have updated https://github.com/greguu/linux_kernel_xtm2_richland with some details I identified so far. Identifying the GPIO PINs used to control the NAND is possibly whats missing atm.

Once NAND is working, I need also to find another way of booting a kernel, as loading using ymodem is too slow and frustrating. The TFTP implementation on Watchguard Redboot appears to be broken or deliberately disabled.

Flashing a vanilla Redboot is risky and I do not have spare devices to take the risk. If anyone has the time and guts to try this this would be great :)

The switch implementation is the final part, I like to get the others sorted first to ease the work on the switch side. I did look at the current 8366S implementation briefly, not sure but the vendor Watchguard kernel modules reference SMI, so this needs some work I am not too familiar with.

[LeonG71]

For the CH341A , I got the schematics and RS232 specific drivers from here https://tad-electronics.com/2019/03/10/ch341a-mini-programmer-schematic-and-drivers/ . Note this page discusses "CH341 powered by 5 volts always" boards.. You might have a board which has control over the CH341's TTL levels.

The ZIF socket doesn't have RS232, so I used some old standard PC motherboard connectors (2 pin ..eg LED or momentary switch) to push onto the TX , RX at both ends. Earth is in ZIF , so I just used a wire from ZIF to a screw at the X21-W,

Check your CH341 is for 5 volts TTL on its data lines (if the option exists to change it ) and set it to RS232 mode with the CH341A board's jumper on 2,3 instead of 1,2 ... and use the RS232 specific driver for the CH341 as per the link I supplied.

Is this the correct command to get greg's latest code ?

git clone https://github.com/greguu/openwrt -b ixp4xx-v6.1-watchguard

...Well I have booted with Greg's kernel and my own filesystem image, created on a USB flashdrive.. e2fs on it, and use it as a real hard drive... not a squashfs or anything like that. I can compile and use packages, and transfer them by using a second USB device ( plug in and unplug live )

[greguu]

@LeonG71 Good news!

I need to update the .dts file in this repo, the current one is actually here in the OpenWrt repository:diff

It has support for the 16MB NOR Flash, but not yet NAND and Switch.

I recommend to build your own rootfs and kernel using OpenWrt, you can add the packages you want into the build process and boot from the rootfs via USB. Use this branch

[greguu]

@LeonG71 I have added the RTC to the device tree and kernel config. It does get detected, but as expected the battery is possibly dead on most units by now. There is possibly a way to replace it.

rtc-s35390a 0-0030: registered as rtc0
rtc-s35390a 0-0030: setting system clock to 2000-01-01T04:00:44 UTC (946699244)

The firmware files for the IXP4xx-eth are already build and included in the OpenWrt rootfs under /lib/firmware As I understand they should just get picked up there and do not need to be compiled into the kernel image.

In regards to the RTL switch, I did try both, the "classic" PHY switch and the DSA implementation. It appears the kernel is moving to DSA so it maybe worth migrating 8366SR to DSA, based on the the current 8366S implementation.

The Marvel switch was also enabled as CONFIG_MARVEL_PHY in the vendor kernel, but I could not see any kernel output on the vendor kernel on further details. Its possibly the missing bit to get ethernet ports 0-2 , eg the 10/100 ports, working and would explain the split of the ports between the two switches.

I have not had time to play further with the switches or the NAND for that matter, but will look into it time permitting.

Rebuilding the kernel is fast, but loading it for a test boot via ymodem is very slow. I was playing with the thought to get Redboot TFTP working, by flashing a new Redboot (vanilla), but worried it may brick the board.

[greguu]

@LeonG71
The NAND is Samsung yes, but not a OneNAND one as far as I can tell. Its a 2G-bit SLC NAND (k9f2g08u0b). I added a photo of the back of the board. As you show in the kernel log, the driver is GPIO NAND. To get it going we just need to correct GPIO pins used and what ChipSelect it uses, if any. I think its ChipSelect 1 (CS1), but not figured out the right GPIOs and lack time atm to investigate further.

Redboot does populate a FIS on the NOR FLASH if you run "fis init" but it will wipe the vendor partitions that are static. The device tree that I setup will use the FIS. You can actually put the kernel and/or rootfs into NOR FLASH already and boot from it.

You could also boot the kernel from NAND, if you flash it from Redboot, but I do not see any value of it yet compared to USB boot.

[greguu]

@LeonG71 Interesting. How did you identify these pins ? I tried to apply these to the .dts but still get a -2 error from gpio-control-nand. It maybe some other detail I am missing on the .dts side. I just had a brief test, so will investigate further when I can, but understanding how you came to identify the pins would be helpful.

[greguu]

@LeonG71 yes, that is right and hence I concluded its on CS1, but you said : The samsung NAND is on CS1. Are the NAND end pin 16,CLE, and pin 17, ALE, pin9 /CE. the unknowns ? Is this just a guess, or is pin 16. CLE, 17 ALE, 9 CE ?

[LeonG71]

I identified the pins at the samsung chip from here.... .https://pdf1.alldatasheet.com/datasheet-pdf/view/1150732/SAMSUNG/K9F2G08U0B.html

[LeonG71]

Samsung , these 3 are direct (no inverter in the line)

GPIO 8 to samsung 16, CLE GPIO 9 to samsung 17, ALE GPIO 12 goes to samsung 9 , /CE, samsung 19 , /WP, remains high when blinking all GPIO, which means NOT write protected...

Realtek uses pins SCK 70, SDA 71 .. these should be GPIO I2C pins ? I couldn't detect them yet because I2c owned these two GPIO. I detected they are not controlled by the other 14 GPIO ...I might try and get i2c out of the way to see them blink ,,,

[greguu]

@LeonG71 Thanks for tracing these lines. You found out where Samsung 7, RDY (R/B) is going to ? Maybe GPIO 13,10 or 11 ?

The IXP GPIO 8,9,10,11 are used for interrupts I think, as per intel-ixp4xx-reference-design.dtsi, but on the Watchguard, it maybe that GPIO 7 is the only interrupt for PCI slot 1 (eg WiFi) ? This would free these up for GPIO to NAND ?

I will have a closer look this week. Not sure the IXP has GPIO size 1 or 2 ? Is it only GPIO 0-15 ? or are split in two GPIO banks ? Manual says its just gpio0 for 0-15. The GPIO 14/15 used for clock it seems.

[LeonG71]

Can you provide a dts templant for the nand ? I didnt my attempts to compile, syntax error, no clear reason given. The lines which go inside the soc { ... } , where I only have to put the correct GPIO number in ?

[LeonG71]

samsung 7 ready/busy is connected to a GPIO 7.

[LeonG71]

ixp43x has only the 16 GPIO pins. see https://www.intel.com/content/dam/www/public/us/en/documents/manuals/ixp43x-product-line-network-processors-developers-manual.pdf

[LeonG71]

our CPU SOC has MDIO aka SMI built in, via the ethernet B interface . So the SMI devices should be on there . eg both ethernet switch chips?? They werent on the GPIO , and SMI isnt generally compatible with I2C.

SO realtek should similar to the gemini dlink dir 's DTS file.... which has the RTL8366 SMI.

But at what level does it go ? top, or inside SOC, or inside eth b ? Oh, realtel-SMI really means realtek-GPIO ...so thats not it., realtek-mdio relies on the mdio bus driver.

 mdio {
            switch {
            compatible = "realtek,rtl8366-mdio,mdio-smi";
                            reg = <4>;   // ADDRESS 4   on SMI aka MDIO bus.
                    phy1: phy@1 {
                            reg = <1>; //ADDRESS 1  OF THE SWITCH
                    };
                    phy2: phy@2 {
                            reg = <2>;
                    };
                    phy3: phy@3 {
                            reg = <3>;
                    };
                    phy4: phy@4 {
                            reg = <4>;
                    };
                    phy5: phy@5 {
                            reg = <5>;
                    };
            };
    };

???

[greguu]

@LeonG71 I have updated the current .dts I am testing with here and a test kernel log output using this dts here

At the moment still having trouble to detect the NAND. I guess some address or register not right. There are lots of NAND options for CS1 that may or may not be needed. The reference dts for ixp43x does use gen-nand instead of gpio-control-nand, but I tried this without any luck.

The MDIO and SMI for the switches I have not tested yet, but the implementation for the Marvel Switch here maybe helpful for defining the Realtek one as well.

[hharte]

Hello @greguu and @LeonG71,

I have a different ixp435 platform (Moxa UC-8410) that has a NAND FLASH on it, and it's connected a little differently than the XTM2. Instead of using the gpio-control-nand, it was originally using platform-nand, and I was able to make it mostly working by making some changes to the orion-nand driver. Instead of using GPIOs to control the ALE and CLE, the uc-8410 has those signals connected to address lines for the chip select of the NAND. I believe the Intel KIXRP435 development board did something similar. I'm surprised WatchGuard hooked up ALE and CLE to GPIOs and deviated from Intel's referece design, but who knows, maybe they had a good reason for doing that.

Regarding the Ethernet in WatchGuard's RedBoot, I'm guessing their RedBoot does not configure the switches properly or at all, and perhaps that is why we need to download using serial. I doubt that the "stock" bootloader for the KIXRP435 reference design will work any better with WG's RedBoot, and bootloader NAND suport would definitely break using the stock bootloader, as Intel wired it up differently. That being said, I read out the KIXRP435 RedBoot from the development platform and have it if you need it. Please contact me via email if so.

The UC-8410's Ethernet does not work straight away in RedBoot either, but it can be made to work by first using Moxa's RedBoot "menu system" to attempt to load a non-existent file via TFTP. That apparently sets up the NPEs correctly, and then I can exit out of the menu system to the Redboot> prompt and TFTP load as normal. It's a few hoops to jump through, but still much faster than serial download.

Take care, Howard

[LeonG71]

The redboot or uboot image that is USB capable would be useful ... details, USB2 being EHCI at 0xcd000000 or 0xce000000 ??

Some notes on watchguard...

I didn't use an oscilliscope to trace the GPIO, I only used voltmeter. I had not ruled out that the GPIO had gone through the U34 ( 4 OR gates in a package soldered on right next to the samsung NAND. ) or through the tiny U33.. (inverter ? )..looks like there is a pull up (or down) resistor on a U33 line.

I notice that watchguard redboot can be put into GDB debug protocol on the console port easily, just type $$$$ . .. or +++ ... I can load an elf into the ram (as long as it doesn't crash the GDB...) and it loads equiv of xmodem.. so not slow.

With a USB capable image we could have

1. watchguard redboot script that ...
2. then load an image from NOR (limit 500kilobytes) or NAND ( 16? megabytes ) that..

3. then loads openwrt kernel from USB ..

   I see in the NOR image) that watchguard uses this redboot script for SYSA... nandTest -t 15 -p 0 -b 0x1600000 -n 0x1fffff;nandTest -t 21 -p 0x1600000;exec -c "console=ttyS0,115200 root=/dev/mtdblock7"

and SYSB nandTest -t 15 -p 0x720 -b 0x1600000 -n 0x400000;nandTest -t 21 -p 0x1600000;exec -c "console=ttyS0,115200 root=/dev/mtdblock10 wgmode=recovery"

So what is the function of nandtest -t 21 used in those scripts ? I think it only sets redboot's idea of entry address, which also defines it as valid.

[hharte]

I have the XTM2 Ethernet ports that are connected via the 10/100 Marvell Ethernet switch kind of working in OpenWrt with this .dts:

https://github.com/hharte/openwrt/commit/5def74f29e35d27b665cc40f49ec7a4aa0a787df

It works well enough that I can at least scp binaries to the machine to make progress on other things like the NAND driver.

root@openwrt:/# ifconfig lan1 192.168.1.111 up
[   35.414063] mv88e6060 ixp4xx-eth-0:10 lan1: configuring for phy/gmii link mode
[   37.526110] mv88e6060 ixp4xx-eth-0:10 lan1: Link is Up - 100Mbps/Full - flow control off
[   37.534279] IPv6: ADDRCONF(NETDEV_CHANGE): lan1: link becomes ready

root@openwrt:/# ping 192.168.1.42
PING 192.168.1.42 (192.168.1.42): 56 data bytes
64 bytes from 192.168.1.42: seq=0 ttl=64 time=1.836 ms
64 bytes from 192.168.1.42: seq=1 ttl=64 time=0.667 ms
64 bytes from 192.168.1.42: seq=2 ttl=64 time=0.660 ms
^C
--- 192.168.1.42 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.660/1.054/1.836 ms

It looks like the gpio-control-nand device tree documentation is out of date with respect to the GPIO specification, and the device tree entry needs to be something more like:

                /*
                 *
                 * 256MB of Samsung GPIO controlled SLC NAND
                 *
                 */
                compatible = "gpio-control-nand";

                /* Expansion bus set-up */
                intel,ixp4xx-eb-t1 = <0>;
                intel,ixp4xx-eb-t2 = <0>;
                intel,ixp4xx-eb-t3 = <1>; // 1 cycle extra strobe phase
                intel,ixp4xx-eb-t4 = <0>;
                intel,ixp4xx-eb-t5 = <0>;
                intel,ixp4xx-eb-cycle-type = <0>; // Intel cycle type
                intel,ixp4xx-eb-byte-access-on-halfword = <0>;
                intel,ixp4xx-eb-mux-address-and-data = <0>;
                intel,ixp4xx-eb-ahb-split-transfers = <0>;
                intel,ixp4xx-eb-write-enable = <1>;
                intel,ixp4xx-eb-byte-access = <1>;

                /* 512 bytes memory window */
                reg = <1 0x00000000 0x200>;
//              nand-on-flash-bbt;
                nand-ecc-mode = "soft_bch";
                nand-ecc-step-size = <512>;
                nand-ecc-strength = <4>;

                #address-cells = <1>;
                #size-cells = <1>;
                rdy-gpios = <&gpio0 7 GPIO_ACTIVE_HIGH>;
                nce-gpios = <&gpio0 12 GPIO_ACTIVE_LOW>;
                ale-gpios = <&gpio0 9 GPIO_ACTIVE_HIGH>;
                cle-gpios = <&gpio0 8 GPIO_ACTIVE_HIGH>;
                nwp-gpios = <0>;

                label = "ixp400 NAND";

                partitions {
                    compatible = "fixed-partitions";
                    #address-cells = <1>;
                    #size-cells = <1>;

                    fs@0 {
                        label = "SysA Kernel";
                        reg = <0x0 0x400000>;
                    };
                    fs@400000 {
                        label = "SysA Code";
                        reg = <0x400000 0x7C00000>;
                    };
                };
            };

With this device tree change for NAND, I'm able to load the gpio-control-nand driver (gpio.ko) and it finds the NAND device, but all blocks are bad. So somethng still needs work. I tried with both Hamming and BCH ECC codes.

root@openwrt:/# cd
root@openwrt:~# insmod gpio.ko
[   58.177589] nand: device found, Manufacturer ID: 0xec, Chip ID: 0xda
[   58.184044] nand: Samsung NAND 256MiB 3,3V 8-bit
[   58.188721] nand: 256 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[   58.199489] Scanning device for bad blocks
[   58.203684] Bad eraseblock 0 at 0x000000000000
[...]
[   67.849289] Bad eraseblock 2047 at 0x00000ffe0000
[   68.024646] 2 fixed-partitions partitions found on MTD device ixp400 NAND
[   68.031556] Creating 2 MTD partitions on "ixp400 NAND":
[   68.036818] 0x000000000000-0x000000400000 : "SysA Kernel"
[   68.052963] 0x000000400000-0x000008000000 : "SysA Code"

Dumping out the raw NAND data shows it's all zeros, so this still needs more work:

root@openwrt:~# nanddump -c -l 512 -n -o --bb=dumpbad /dev/mtd7
Block size 131072, page size 2048, OOB size 64
Dumping data starting at 0x00000000 and ending at 0x00000200...
0x00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |................|
[...]
0x000007f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |................|
  OOB Data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |................|
  OOB Data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |................|
  OOB Data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |................|
  OOB Data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |................|

[greguu]

Hello @hharte, thanks for this! Getting the Marvel Switch working is a big win and will help with further efforts, especially if we can now load ixp4xx .ipk packages for OpenWrt. I tested successfully the switch using the .dts with eth0.

I do get all the "Bad eraseblock" messages on NAND, too, but its a start! I relied on the documentation for the GPIO spec and should have looked a bit closer. The chip does ECC I believe and there are factory defined bad blocks. Something to investigate further on the weekends.. Thanks again!

[LeonG71]

i tried gpios on the logic gates near the samsung chip. Gpio 10 runs through the "and" chip , and hits the samsung. As if it enables the latchling pulse /CE. It may be that the pulse is done from cpu lines ,and the gpio is only to read from it. And should be set to the high resistance..( Or for if the logic gates aren't present)

Get Outlook for Androidhttps://aka.ms/AAb9ysg

---

From: greguu @.> Sent: Tuesday, November 7, 2023 4:42:11 PM To: greguu/linux_kernel_xtm2_richland @.> Cc: LeonG71 @.>; Mention @.> Subject: Re: [greguu/linux_kernel_xtm2_richland] Information about this project (#1)

Hello @hhartehttps://github.com/hharte, thanks for this! Getting the Marvel Switch working is a big win and will help with further efforts, especially if we can now load ixp4xx .ipk packages for OpenWrt. I can tested successfully the switch using the .dts with eth0.

I do get all the "Bad eraseblock" messages on NAND, too, but its a start! I relied on the documentation for the GPIO spec and should have looked a bit closer. The chip does ECC I believe and there are factory defined bad blocks. Something to investigate further on the weekends.. Thanks again!

— Reply to this email directly, view it on GitHubhttps://github.com/greguu/linux_kernel_xtm2_richland/issues/1#issuecomment-1797858494, or unsubscribehttps://github.com/notifications/unsubscribe-auth/A5LNPU47I2ROOTEPTXRWCQ3YDHC3HAVCNFSM4GWNFKO2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCNZZG44DKOBUHE2A. You are receiving this because you were mentioned.Message ID: @.***>

[LeonG71]

So the output from the samsung , R/B pin 7, goes to the U33 AND gate pin 2 "B" input... GPIO 10 goes to that "AND" gate at pin 1 ( A)..

The output of that AND gate, pin 4 , Y. goes to samsung pin 9.

And being a simple AND gate chip, it doesn't have tri-state, it must be the intended sole driver of pin 9. meaning that GPIO direct to pin 9 should should be tri-stated (eg as input to our CPU.)

So its the other logic, the R/B pin "gates" GPIO10, protecting the samsung from /CE being disabled while its busy.

And I didnt find any other GPIO on the logic gates.

[greguu]

@hharte @LeonG71 I am a bit confused around the gpio0 range and the IRQ used by PCI. (in regards to the IDSEL for the single PCI slot on the Watchguard for WiFi)

I thought there are some GPIOs used as interrupts ? Can these overlap with regular GPIO ? Dumb question maybe, but ...

[LeonG71]

GPIO pins 0 through 12 can be configured to be an interrupt input pin, and no longer a GPIO.

GPIO Pin 1 can also be configured as a clock input for an external USB 2.0 Host Bypass clock. When spread spectrum clocking (SSC) is used, an external clock should be used as the source for the USB 2.0 Host clock. Refer to the Intel® IXP43X Product Line of Network Processors Developer’s Manual for more information. GPIO Pin 14 and GPIO 15 can also be configured as a clock output. The output-clock configuration can be set at various speeds, up to 33.33 MHz, with various duty cycles. GPIO Pin 14 is configured as an input, upon reset. GPIO Pin 15 is configured as an output, upon reset. GPIO Pin 15 can be used to clock the expansion interface, after reset.

[LeonG71]

If used as a PCI host, up to 4 PCI interrupt signals are wired as GPIO inputs to the GPIO Controller function (not a part of the PCI Controller) and further presented to the Interrupt Controller function (again, not a part of the PCI Controller) to generate an interrupt to the Intel XScale processor. The PCI Controller provides no hardware support for these interrupts. By specification, PCI interrupts are level-sensitive and asserted/deasserted asynchronously to the PCI clock

So its completely arbitrary which GPIO is used by watchguard to attach to the pci slot.. I suppose I could find out by testing for them at PCI slot... But The watchguard bootlog says the wifi card is on Irq 6 , which implies GPIO 6 should be enabled as an interrupt. active low ?

Watchguard log says... Richland PCI: mapping IRQ pin 1 to GPIO (it said GPIO0 actually, but I assume it meant GPIOS0, 6 because later on, it says ...
ieee80211 phy0: Atheros AR9160 MAC/BB Rev:1 AR5133 RF Rev:b0 mem=0xd2ae0000, irq=6

[LeonG71]

u-boot from 2013 does give me console , using the config for prodrive " pdnb3" board.. with a few little fixes. eg telling it to continue without detecting flash, telling it ram_size is to be tested out with find_ram_size () or whatever its. Moving the text location up to 0x200000 so I can load it in there, and copying the gnu_gcc4 header file to gnu_gcc12 .. or whatever matches your gcc.

[LeonG71]

I just use openwrt's toolchain for compiling u-boot.. just need to define the PATH to include the bins, and "CROSS_COMPILE" in the Makefile to use arm-blahblah-gcc etc

uboot has no trouble with the samsung flash.

nand dump 0 Page 00000000 dump: 19 85 e0 01 00 00 00 2e 4e 28 d0 a8 00 00 00 01 00 00 00 00 00 00 00 02 65 57 75 c8 06 08 00 00 ec 0a 86 be 68 67 f2 e1 7a 49 6d 61 67 65 ff ff etc

I used the following definitions to do pretty much the same as what nand_plat.c suggests.

define IO_SYNC { long tmp = ((long )0x4000); asm volatile("mov %1, %0\n" : "=r" (tmp) : "r" (tmp)); }

define SLEEPTIME 5

void CLE_HIGH() { IO_SYNC; GPIO_OUTPUT_SET(IXP_CLE); IO_SYNC; } void CLE_LOW() { IO_SYNC; GPIO_OUTPUT_CLEAR(IXP_CLE); IO_SYNC; } void ALE_HIGH() { IO_SYNC; GPIO_OUTPUT_SET(IXP_ALE); IO_SYNC; } void ALE_LOW() { IO_SYNC; GPIO_OUTPUT_CLEAR(IXP_ALE); IO_SYNC; } void NCE_HIGH() { IO_SYNC; GPIO_OUTPUT_SET(IXP_NCE); IO_SYNC; } void NCE_LOW() { IO_SYNC; GPIO_OUTPUT_CLEAR(IXP_NCE); IO_SYNC; }

void NANDCMD(unsigned char cmd ) { NCE_LOW() ; CLE_HIGH(); udelay(SLEEPTIME); *IXP_NAND = cmd ; udelay(SLEEPTIME); CLE_LOW(); }

void NANDADD(unsigned char add ) { ALE_HIGH(); udelay(SLEEPTIME); *IXP_NAND = add; udelay(SLEEPTIME); ALE_LOW(); }