e00958884416 fw4: do not add physical devices for soft offload
dfbcc1cd127c fw4: skip not existing netdev names in flowtable device list
18fc0ead19fa init: use the reload data trigger to reload firewall on procd data changes
Fixes: https://github.com/openwrt/openwrt/issues/13410
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Currently if the host system has cmocka installed it will leak the host
path and try to use the host cmocka and build tests.
This will obviously fail, so backport upstream commit allowing disabling
of tests and disable building them.
Fixes: openwrt/packages#25456
Link: https://github.com/openwrt/openwrt/pull/17297
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add QCA2066 firmware package, ath11k is already supported.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/17260
Signed-off-by: Robert Marko <robimarko@gmail.com>
93461ca4c827 unet-cli: only apply defaults on create
3e5766783d5d unet-tool: add support for confirming password
074d3659ca4a unet-cli: confirm password when creating new seed based key
bf3488a3807a unet-cli: add add/set-local-host command
9eb57c528461 unet-cli: add support for setting interface zone
a0a2d80f3459 ubus: add firewall rules for network port/pex_port via procd
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2e206dbe77ec service: add support for triggers on service/instance data changes
735b48728fca service: remove leftover lines from previous commit
32469644a029 service: allow incremental changes to service properties
fd01fb852302 service: fix double free bug when dealing with data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
058a099f5bc5 interface: fix memleak and reload issue for the zone attribute
ea01ed41f321 interface: remove unnecessary NULL checks before free()
Signed-off-by: Felix Fietkau <nbd@nbd.name>
d22d7db581d5 bpf_skb_utils.h: add missing include to fix build against newer kernel headers
bbd3e0eb1419 host: fix peer routes on a node acting as gateway
b17164751fc7 unet-tool: add support for generating keys from salt + seed passphrase
041e05870c20 unet-tool: add support for dumping pubkey from signed file
b58920d420cb unet-tool: add support for extracting network data from signed bin file
f335f5b40b4e unet-cli: add support for generating key from seed
8b1f1d099352 unet-cli: add support for importing networks from signed data
188ba05eadf2 unet-cli: add missing command line help for import
8f15fc306a40 unet-cli: fix add-ssh-host with seed keys
486bc3b86dc2 pex-msg: enable broadcast for global PEX socket
e4a24cdfbc1c unet-cli: fix defaults on create
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Images for xrx200 8M flash are either not building due to image
size (TD-W8970, TD-W8980) or building such that the available
free space in the overlayfs is too little to be useful.
To keep images for these devices buildable, move them into a
small flash variant of the xrx200 subtarget. As these devices
are NOR flash only, remove NAND and UBI references from the
kernel config to gain some additional image size reduction.
The apparent 8M flash devices Arcadyan VGV7510KW22-brn,
Arcadyan VGV7519-brn and Lantiq Easy80920-nor seem to exist in
order to create special "factory" installation images for these
devices (which actually have larger flash: 16MB for the
Arcardyan devices; 64MB for the Lantiq device). As a
considerable amount of surgery would appear to be required to
the uboot-lantiq package structure to separate the "factory"
from the "sysupgrade" device recipes for these devices they
remain in the xrx200 target - if factory images aren't now
created, 23.05.x factory images should suffice for initial
installation.
Tested on: Netgear DM200, TP-Link TD-W8980,
AVM Fritz7490 (xrx200 subtarget: image build only)
Fixes: https://github.com/openwrt/openwrt/issues/16761
Signed-off-by: Andrew MacIntyre <andymac@pcug.org.au>
Link: https://github.com/openwrt/openwrt/pull/17113
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes "sh: write error: Invalid argument" for all default!=1 LEDs
as an empty $brightness was used.
Setting up LEDs via luci also now works again.
Fixes cbdfd03e: "base-files: add option to set LED brightness"
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/issues/17269
Signed-off-by: John Crispin <john@phrozen.org>
Specifications:
- Device: ASUS 4g-AX56
- SoC: MT7621AT
- Flash: 128MB
- RAM: 512MB
- Switch: 1 WAN, 4 LAN (10/100/1000 Mbps)
- WiFi: MT7905 2x2 2.4G + MT7975 2x2 5G
- LTE : Fibocom FG621-EA
- LEDs: 1x POWER (white, configurable)
1x 2.4G (white, not configurable)
1x 5G (white, not configurable)
1x WAN (white, not configurable)
1x 3G/4G (white, not configurable)
3x signal (white, not configurable)
Flash by U-Boot TFTP method:
- Configure your PC with IP 192.168.0.2
- Set up TFTP server and put the factory.bin image on your PC
- Connect serial port(rate:115200) and turn on AP, then interrupt "U-Boot Boot Menu" by hitting any key
Select "2. Upgrade firmware"
Press enter when show "Run firmware after upgrading? (Y/n):"
Select 0 for TFTP method
Input U-Boot's IP address: 192.168.0.1
Input TFTP server's IP address: 192.168.0.2
Input IP netmask: 255.255.255.0
Input file name: openwrt-ramips-mt7621-asus_4g-ax56-squashfs-factory.bin
- Restart AP aftre see the log "Firmware upgrade completed!"
Notice:
- LTE module is disable after flash openwrt image so you must active LTE by following two AT command
echo -e "AT+GTAUTOCONNECT=1\r\n" > /dev/ttyUSB0
echo -e "AT+GTRNDIS=1,1\r\n" > /dev/ttyUSB0
- After finish AT command once, you don't need to input command later even if reboot/restore default
Signed-off-by: Chuncheng Chen <ccchen1984@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16752
Signed-off-by: John Crispin <john@phrozen.org>
NRadio C8-668GL is a Wi-Fi 6 5G cellular router based on MediaTek MT7981B SoC.
- **SoC**: MediaTek MT7981B (2x Cortex-A53, 1.3GHz)
- **RAM**: Nanya NT5AD512M16C4-JR 1GB DDR4
- **Flash**: ESMT FC51L08SFY3A 8GB eMMC
- **Ethernet**:
- 1x 2.5GbE (via GMAC0 and GPY211 PHY, shared with MT7531AE)
- 3x 10/100/1000 Mbps (via MT7531AE, connected to GMAC0)
- 5G Modem: GMAC1 (via GPY211 PHY - RTL8125BG - RM520N-GL)
- **Wi-Fi**: MediaTek MT7976CN (2.4GHz/5GHz, 802.11ax, 2x2 MIMO, AX3000)
- **Buttons**: Reset, WPS
- **LEDs**: Power, 5G, 4G, WiFi
- **SIM Slot**: 1x Nano SIM
- **5G Modem**: Quectel RM520N-GL (Snapdragon™ X62)
- **Power**: 12V/2A DC, 5.5×2.1 connector
The MAC addresses are derived from the `fac_mac` field in the `bdinfo` partition, formatted as `fac_mac = HWMAC`. The allocation is as follows:
| Vendor | OpenWrt Interface | Address | Notes |
|---------|-------------------|---------------|------------------------------------------------|
| LAN | br-lan | Label MAC | Default |
| WAN | lan4 | Label MAC+1 | Only when lan4 is switched to WAN |
| 2.4GHz | phy0-ap0 | Label MAC | |
| 5GHz | phy1-ap0 | Label MAC | (Local Admin bit set) |
| Modem | eth1 | Label MAC+2 | |
1. Log in to the router via `http://192.168.66.1`/.
2. Upgrade the official firmware to dual-system mode.
3. Select **Burn second system** and upload the `sysupgrade.bin` image.
- Download the image from the OpenWrt build system or build it yourself using the OpenWrt buildroot.
4. Wait for 30 seconds and click **Switch system**.
5. The device will reboot and switch to OpenWrt.
Set the U-Boot environment variable `boot_system=0` and reboot:
```bash
fw_setenv boot_system 0
```
Power off the router, hold the **WPS button**, and power it back on.
1. Rename the stock firmware file to **`recovery.bin`**.
2. Set your PC's Ethernet IP to **192.168.1.88** and connect it to the lan1 port on the router.
3. Run a TFTP server and place the `recovery.bin` file in its root directory.
4. Power off the router, press and hold the **Reset button**, and power it back on.
5. Release the Reset button when the TFTP server shows activity.
6. Wait for the router to flash the firmware and reboot automatically.
- By default, `lan4` is part of `br-lan` and uses the label MAC address.
- To query the RM520N-GL module, use the following command:
```bash
cat /dev/ttyUSB2 & printf 'ATI\r\n' > /dev/ttyUSB2
```
Signed-off-by: Yaoguang Bai <0xdeadc0de@badguys.club>
Link: https://github.com/openwrt/openwrt/pull/17093
Signed-off-by: John Crispin <john@phrozen.org>
Don't fail wireless interface bringup on empty PSK set. This is a valid
configuration, resulting in a PSK network which can't be connected to.
It does not fail the bringup of the hostapd process.
Keep failing the interface setup in case a password with invalid length
is used.
This is also beneficial when intending to configure a PPSK network. It
allows to create a network where no PPSK is yet set.
Signed-off-by: David Bauer <mail@david-bauer.net>
Link: https://github.com/openwrt/openwrt/pull/17197
Signed-off-by: John Crispin <john@phrozen.org>
refresh the following patch for ath12k
001-wifi-ath12k-add-11d-scan-offload-support-and-handle-country-code-for-WCN7850.patch
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17246
Signed-off-by: John Crispin <john@phrozen.org>
Ensure that the code doesn't pass macaddr_base with the wrong type (null)
to the supplicant setup/start call.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Name the pidfile of each dropbear instance according to the
corresponding uci section name. This enables a 1:1 mapping between the
definition of the service instance and its process.
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Link: https://github.com/openwrt/openwrt/pull/15177
Signed-off-by: John Crispin <john@phrozen.org>
fix default timezone to correct GMT0,
origin value 'UTC' is zonename, not timezone.
Signed-off-by: Jiale Liu <admin@licsber.site>
Link: https://github.com/openwrt/openwrt/pull/15128
Signed-off-by: John Crispin <john@phrozen.org>
Initial support for dynamic reload of RxKHs.
In order to check if RxKHs need reloading.
RxKHs defined in the rxkh_file first has to be parsed and formated,
the same way as hostapd will read from the file and also output,
with the command GET_RXKHS.
Then each list of RxKHs can be hashed and compared.
Ucode implementation of hostapds rkh_derive_key() function.
Hostapd converts hex keys with 128-bits or more when less than 256-bits
to 256-bits, and truncates those that are more than 256-bits.
See: https://w1.fi/cgit/hostap/commit/hostapd/config_file.c?id=245fc96e5f4b1c566b7eaa19180c774307ebed79
Signed-off-by: Sybil127 <sybil127@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
With rxkh_file, hostapd will read a list of RxKHs from a text file.
This also makes it possible for hostapd to dynamically reload RxKHs.
RxKHs defined in rxkh_file should be formated as described in hostapd.conf,
with one entry per line.
R0KH/R1KH format:
r0kh=<MAC address> <NAS Identifier> <256-bit key as hex string>
r1kh=<MAC address> <R1KH-ID> <256-bit key as hex string>
Reworked behavior of the uci options r0kh and r1kh.
When rxkh_file is not configured:
Instead of appending the RxKHs to the hostapd bss configuration.
They will be added to a interface specific file with name
/var/run/hostapd-phyX-apX.rxkh.
This file will be used as the rxkh_file in the hostapd bss configuration.
When rxkh_file is configured:
The specified file will be used in the hostapd bss configuration,
and will be the only source for configured RxKHs.
All RxKHs defined with the uci options r0kh or r1kh will be ignored.
Signed-off-by: Sybil127 <sybil127@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The initialization of mesh interfaces currently fail when wpa_supplicant
is not installed. This is due to the script calling the wpa_supplicant
feature indicator without verifying wpa_supplicant is installed at all.
To avoid failing, first check if wpa_supplicant is installed before
determining the available featureset.
Signed-off-by: David Bauer <mail@david-bauer.net>
This reverts commit 1cea889c96.
This reverts commit 5fd86d66c1.
The patch is causing build servers to fail. Revert it for now.
Signed-off-by: John Crispin <john@phrozen.org>
This option enables support for monochrome LEDs that are grouped into multicolor
LEDs which is useful in the case where LEDs of different colors are physically
grouped in a single multi-color LED and driven by a controller that doesn't have
multi-color support.
Signed-off-by: Jonathan Brophy <professor_jonny@hotmail.com>
Link: https://github.com/openwrt/openwrt/pull/16397
Signed-off-by: John Crispin <john@phrozen.org>
Some devices use file '/tmp/sysupgrade.tar' during settings restore and
this potentially big file was not being cleaned up from RAM afterwards.
See: do_mount_root() (base-files/files/lib/preinit/80_mount_root)
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15339
Signed-off-by: John Crispin <john@phrozen.org>
dnsmasq passes a limited amount of information via DHCP script arguments. Much
more information is available through environment variables starting with
DNSMASQ_, such as DNSMASQ_INTERFACE. However, when the dhcp-script builds its
JSON environment and passes it to hotplug, all of this information is discarded
since it is not copied to the JSON environment.
Personally, I have a custom-made set of DDNS scripts and rely on environment
variables such as DNSMASQ_INTERFACE in order to determine which DNS zones
to update. So, not being able to access these variables was detrimental to me.
I patched in a quick copy of all DNSMASQ_ variables to the JSON environment
so that they can be used in hotplug scripts. In order to do so I also copied
/usr/bin/env into dnsmasq's chroot jail.
Signed-off-by: Chuck R <github@chuck.cloud>
Link: https://github.com/openwrt/openwrt/pull/16354
Signed-off-by: John Crispin <john@phrozen.org>
Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters.
- delegate and sourcefilter were not declared as local variables
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Link: https://github.com/openwrt/openwrt/pull/16734
Signed-off-by: John Crispin <john@phrozen.org>
Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters.
- delegate and sourcefilter were not declared as local variables
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters.
- delegate and sourcefilter were not declared as local variables
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Add option to set LED brightness via uci:
config led 'led_blue'
option name 'blue'
option sysfs 'blue:status'
option brightness '1'
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17190
Signed-off-by: John Crispin <john@phrozen.org>
change Support-UDP-Traceroute rule from 'enabled false' to 'enabled 0'
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17133
Signed-off-by: John Crispin <john@phrozen.org>
Regarding SAE support in wifi-station:
Important Note: Unlike PSK wifi-stations, both `mac` and `key` options are required
to make it work. With PSK, hostapd used to perform a brute-force match to find which
PSK entry to use, but with SAE this is infeasible due to SAE's design.
When `mac` is omitted, it will allow any MAC address to use the SAE password if it
didn't have a MAC address assigned to it, but this could only be done once.
The last wildcard entry would be used.
Also, unlike "hostapd: add support for SAE in PPSK option" (commit 913368a),
it is not required to set `sae_pwe` to `0`. This gives it a slight advantage
over using PPSK that goes beyond not needing RADIUS.
Example Configuration:
```
config wifi-vlan
option iface default_radio0
option name 999
option vid 999
option network management
config wifi-station
# Allow user with MAC address 00:11:22:33:44:55 and matching
# key "secretadminpass" to access the management network.
option iface default_radio0
option vid 999
option mac '00:11:22:33:44:55'
option key secretadminpass
config wifi-vlan
option iface default_radio0
option name 100
option vid 100
option network guest
config wifi-station
# With SAE, when 'mac' is omitted it will be the fallback in case no
# other MAC address matches. It won't be possible for a user that
# has a matching MAC to use this network (i.e., 00:11:22:33:44:55
# in this example).
option iface default_radio0
option vid 100
option key guestpass
```
Regarding PSK file creation optimization:
This patch now conditionally runs `hostapd_set_psk_file` depending on `auth_type`.
Previously, `hostapd_set_psk` would always execute `hostapd_set_psk_file`, which
would create a new file if `wifi-station` was in use even if PSK was not enabled.
This change checks the `auth_type` to ensure that it is appropriate to parse the
`wifi-station` entries and create those files.
Furthermore, we now only configure `wpa_psk_file` when it is a supported option
(i.e., psk or psk-sae is used). Previously, we used to configure it when it was
not necessary. While it didn't cause any issues, it would litter `/var/run` with
unnecessary files. This patch fixes that case by configuring it depending on the
`auth_type`.
The new SAE support is aligned with these PSK file changes.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17145
Signed-off-by: John Crispin <john@phrozen.org>
93458ac dns: fix response to TYPE_PTR query
68af311 fix unicast response port and timeout
a2b4979 service: announce all services in single dns answer
4537734 display announced services in ubus call umdns browse
0b50c29 display more srv attributes in output of ubus browse function
Signed-off-by: John Crispin <john@phrozen.org>
e2f05de state: set_stdio: chdir back to / in case of failure
30542c9 inittab: Disable implicit controlling TTY.
Signed-off-by: John Crispin <john@phrozen.org>
libbfd feature is not used when building eBPF program, and it makes bpftool fail to build in a clean environment, since binutils in toolchain have libbfd disabled.
Signed-off-by: Eric Long <i@hack3r.moe>
Link: https://github.com/openwrt/openwrt/pull/17073
Signed-off-by: Robert Marko <robimarko@gmail.com>
Enable the busybox feature to save shell command history.
(.apk size increase 0.5 kB)
To prevent flash wear,
* save history only at the exit from a shell session, and
* set /tmp as the default location for the history file. The history
is kept on ramdisk until a reboot, when the history is then lost.
If the user wants to save history onto flash, he can change the location
definition in /etc/profile.d/busybox-history-file.sh
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/17179
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
