BPI-R4 Lite Ubuntu Image

Hi Frank,

I thought you said you did a new build for this on 2025/11/01…

https://github.com/frank-w/BPI-Router-Linux/releases/download/CI-BUILD-6.17-main-6.17.0-2025-11-01_1105/bpi-r4.itb

Where you changed this…

CONFIG_MEDIATEK_2P5GE_PHY=y
CONFIG_EXTRA_FIRMWARE="aeonsemi/as21x1x_fw.bin mediatek/mt7987/i2p5ge-phy-DSPBitTb.bin mediatek/mt7987/i2p5ge-phy-pmb.bin"

And thought you said it made the 2p5ge bind?

I tried to replace “/boot/bpi-r4.itb” with it and still not working on my end.

Should that have made it work? Or at least a temporary fix?

root@bpi-r4:~# dmesg | grep eth1
[    1.377722] mtk_soc_eth 15100000.ethernet eth1: mediatek frame engine at 0xffffffc084080000, irq 69
[    7.580514] mtk_soc_eth 15100000.ethernet eth1: PHY [mdio-bus:0f] driver [Generic Clause 45 PHY] (irq=POLL)
[    7.588296] mtk_soc_eth 15100000.ethernet eth1: configuring for phy/internal link mode
root@bpi-r4:~# zgrep MEDIATEK_2P5GE /proc/config.gz
CONFIG_MEDIATEK_2P5GE_PHY=m

I only tested with this builtin setting and did not change it in the repo, so the build is still a module and without firmware.

But I have changed it now in the tree, till we find a better way. The pipeline is running, but will take some hours.

Pipeline finished. I was able to put the new bpi-r4.itb in /boot/bpi-r4.itb and it works.

https://github.com/frank-w/BPI-Router-Linux/releases/download/CI-BUILD-6.17-main-6.17.0-2025-11-04_2136/bpi-r4.itb

I will keep watch though for the final fix, but this at least can let me continue with customization of the OS. Thanks Frank!


Hi @frank-w it looks like the legacy iptables is not compiled in the kernel. What are the chances of getting that? Is there a reason it was not included?

Debian moved to nftables a long time ago and Ubuntu is based on Debian. To reduce compile time on testing and space on rootfs I had not added this, as there are many modules.

Agreed about nftables, however iptables syntax is still generally used and translated via iptables-nft (“translated” might not be the right word, it’s more complex than that). The device has iptables-nft and iptables-translate but the support is very limited, in fact too limited to be a functioning firewall (even router), which imo is what this device wants to become for basically anyone that invests in it. For example things like TCPMSS, MASQUERADE, SET, DNAT, SNAT are not even understood by iptables-nft. The kernel will need additional support for iptables-nft to function when applying those rules.

Kernel Issues:
Warning: Extension TCPMSS revision 0 not supported, missing kernel module?
Warning: Extension SET revision 0 not supported, missing kernel module?
Warning: Extension DNAT revision 0 not supported, missing kernel module?
Warning: Extension SNAT revision 0 not supported, missing kernel module?
Warning: Extension MASQUERADE revision 0 not supported, missing kernel module?

Those are just the ones I noticed so far…

So I think (but not sure if this is inclusive enough)…

 Feature        | Kernel module/config
 ---------------|-----------------------------------------------
 TCPMSS clamp   | xt_TCPMSS / TCPMSS match
 ipset sets     | xt_set, ip_set, ip_set_hash_net
 NAT (iptables) | xt_nat, xt_snat, xt_dnat, xt_masquerade, nf_nat
 NAT helpers    | nf_nat_ftp, nf_conntrack_ftp
 Conntrack      | nf_conntrack, xt_conntrack
 nftables NAT   | nft_nat

I have not tried to build a kernel yet, but maybe it is time for me to give it a try? Any guide out there to get started? How difficult is it?

If this is doable, is there a place to grab your most recent build file and then modify it, that way it is easy to stay in sync with your testing and validation work?
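As an added example (not part of the thread or of frank-w's repository): a shell check that reads a kernel config, such as /proc/config.gz on the device, and lists which netfilter symbols are unset. The Kconfig symbol list is an assumption mapped from the warnings quoted above, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a kernel config for the symbols behind the
# iptables-nft warnings in this thread. The symbol list is an assumption.
REQUIRED="NFT_COMPAT NETFILTER_XT_TARGET_TCPMSS NETFILTER_XT_SET IP_SET
IP_SET_HASH_NET NETFILTER_XT_NAT NETFILTER_XT_TARGET_MASQUERADE NF_NAT
NF_CONNTRACK NETFILTER_XT_MATCH_CONNTRACK NFT_NAT"

# Emit the config text whether the file is gzip-compressed or plain.
read_config() {
    case "$1" in
        *.gz) gzip -cd "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Print y (built in), m (module) or n (unset) for symbol $2 in file $1.
config_state() {
    state=$(read_config "$1" | sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" | head -n 1)
    echo "${state:-n}"
}

# Print the REQUIRED symbols that are neither y nor m in file $1.
missing_symbols() {
    missing=""
    for sym in $REQUIRED; do
        if [ "$(config_state "$1" "$sym")" = n ]; then
            missing="$missing $sym"
        fi
    done
    echo "${missing# }"
}

# Constructed sample config (not the real BPI-R4 config).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
CONFIG_MEDIATEK_2P5GE_PHY=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_NAT=m
CONFIG_NFT_NAT=m
# CONFIG_NFT_COMPAT is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
EOF

echo "2.5G PHY driver state: $(config_state "$SAMPLE" MEDIATEK_2P5GE_PHY)"
echo "missing netfilter symbols: $(missing_symbols "$SAMPLE")"
```

On the board, call `missing_symbols /proc/config.gz`; the same `config_state` call on `MEDIATEK_2P5GE_PHY` distinguishes the module build (`m`) from the builtin one (`y`) discussed earlier in the thread.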

Start with a basic setup, like so:

https://github.com/ericwoud/buildR64arch/blob/main/rootfs/etc/nftables.conf

Maybe I should explain the use case. I have an overlay system, a tool that simplifies/abstracts iptables/nft. It runs as a service and applies several templates (using traditional iptables syntax) when the device boots, and then you can issue it commands to create firewall rules on the fly as well. It basically takes a single command and turns it into one or more supporting iptables commands. So I have templates that have 100’s of rules in them. Also, iptables is symlink’d to iptables-nft for how many ever years now. So on a typical Ubuntu 24.04 system, iptables-nft does the translation of these rules and applies them with no issue, but that is because the support is in the kernel for iptables-nft to do so.

So I am not trying to start fresh so much as I am trying to port a system that has been around for a long time and is “already understood” to this device.

This is why I asked about me building a separate kernel forked off yours, as I know you do not want to introduce slower build times to your process. I imagine it is already pretty lengthy as is.

Do you have a kernel config file of that functional system?

You can rip from it the whole netfilter chapter and replace that part in the BPI kernel config file.

Should work, except maybe some dependencies, so after applying, check if it is still complete.

Then build your own kernel files with this config.

Afaik I had iptables still active for bpi-r2, so maybe copy the config symbols from this defconfig.

But you have to build it on your own.

I know minimally what I need to have from the error messages, just need to learn how to build it into your bpi-r4.itb for the r4 lite.

There is a readme :slight_smile: basically you can use build.sh for all.

./build.sh defconfig

As first step, after changing build.conf to the right board, to add your options. Then follow the readme. Building in Ubuntu is recommended. You can also look at what the CI pipeline does (.github/workflows/build.yaml)

@ericwoud @frank-w Appreciate all the help so far. I don’t have the bandwidth for it this weekend, too much other stuff going on. But will look into it during the week, see if I can make some progress.

mt7987 phy firmware is finally merged to linux-firmware, so it should be visible.

but as we found out here, it still needs to be builtin to get it working.

I see it :slight_smile: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/mediatek/mt7987


Hi Frank, is there a way to pull the defconfig .config file for this specific build?

https://github.com/frank-w/BPI-Router-Linux/releases/download/CI-BUILD-6.17-main-6.17.0-2025-11-04_2136/bpi-r4.itb

I think that I am getting the main 6.12 kernel template or generic 6.17 or something else but not sure. I know that I do not see your phy changes and additional hardware lines in the config.

git clone https://github.com/frank-w/BPI-Router-Linux.git
cd BPI-Router-Linux/
git checkout 6.17-r4lite
./build.sh importconfig

I suppose I could always copy /proc/config.gz on the device over to .config and try “make menuconfig”? Not sure if there are any implications there?

The build is from the 6.17-main branch, so just change to this, change build.conf, importconfig and build.