When procd-ujail is available, 1f78538387 runs hostapd as user
"network", with only limited additional capabilities (CAP_NET_ADMIN and
CAP_NET_RAW).
hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd
over a named UNIX-domain socket. hostapd_cli is responsible for creating
this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as
root, this endpoint is normally created with uid root, gid root, mode
0755. As a result, hostapd running as uid network is able to receive
control messages sent through this interface, but is not able to respond
to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY
<= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device),
this message will appear from hostapd:
CTRL: sendto failed: Permission denied
As a fix, hostapd_cli should create the socket node in the filesystem
with uid network, gid network, mode 0770. This borrows the presently
Android-only strategy already in hostapd intended to solve the same
problem on Android.
If procd-ujail is not available and hostapd falls back to running as
root, it will still be able to read from and write to the socket even if
the node in the filesystem has been restricted to the network user and
group. This matches the logic in
package/network/services/hostapd/files/wpad.init, which sets the uid and
gid of /var/run/hostapd to network regardless of whether procd-ujail is
available.
As it appears that the "network" user and group are statically allocated
uid 101 and gid 101, respectively, per
package/base-files/files/etc/passwd and USERID in
package/network/services/hostapd/Makefile, this patch also uses a
constant 101 for the uid and gid.
Signed-off-by: Mark Mentovai <mark@moxienet.com>
[refreshed patch]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix the return value, shell return codes should be 0 to indicate success
(i.e. mount point found), 1 should be failure (i.e. mount point not-found).
Fixes: ac4e8aa ("dnsmasq: fix more dnsmasq jail issues")
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Extend the hotplug.json ruleset to setup the common /dev/std{in,out,err}
symbolic links which are needed by some applications, e.g. nftables when
applying rulesets from stdin.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8de12de system: add diskfree infos to ubus
bf3fe0e service: move jail parsing to end of instance parser
87b5836 procd: add full service shutdown prior to sysupgrade
01ac2c4 procd: service_stop_all: also kill inittab actions
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5dd32475c859 mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine
f5cfaaff3dd1 mt76: mt7921: drop offload_flags overwritten
f5ad840ca5c0 mt76: mt7615: fix possible deadlock while mt7615_register_ext_phy()
29a8a08827b1 mt76: mt7921: fix MT7921E reset failure
f44685f2faee mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore()
ae8e02ddd2b0 mt76: mt7915: fix SMPS operation fail
e814e15716b0 mt76: reverse the first fragmented frame to 802.11
c9bca3ed9566 mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
dd054b7e16e7 mt76: only set rx radiotap flag from within decoder functions
f1520c9bb332 mt76: mt7915: add default calibrated data support
0c489ea2865a mt76: testmode: add support to set MAC
91c5da3d0a7c mt76: mt7921: add support for PCIe ID 0x0608/0x0616
ca39b4bbc227 mt76: debugfs: fix queue reporting for mt76-usb
00b6f497e2e8 mt76: mt7921: introduce 160 MHz channel bandwidth support
c1574466c733 mt76: fix possible OOB issue in mt76_calculate_default_rate
9680a17b0aed mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi
78fc0dcdcef0 mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode
05953e7d6fe7 mt76: mt7615: remove dead code in get_omac_idx
39f6c37127c1 mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode
526591b203f3 mt76: do not pass the received frame with decryption error
256789bb400f mt76: fix the wiphy's available antennas to the correct value
fa187f5cf068 mt76: fix timestamp check in tx_status
11ebf11a3587 mt76: mt7915: fix the wrong SMPS mode
8c69b815ee7f mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config
bc6798f729f9 mt76: move sar utilities to mt76-core module
b1d0ad2e74fe mt76: mt76x02: introduce SAR support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Allows to avoid rpath hacks with at least softethervpn.
--with-pic is needed as it's not default with static libraries, only
shared ones.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
cce5e35 vlist: define vlist_for_each_element_safe
This is change affects only a macro in headers and hence it is not
required to bump ABI_VERSION.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
68961a555e42 ubus: drop dnsmasq check for dns_result method
1ca3e26b8169 bpf: refactor code to support explicit opt-in for bulk+prio detection
3f0acf039f41 bpf: move flow prio/bulk detection config into a separate data structure
bc54c97e3333 map, bpf: create a separate map for configured dscp classes
46cf3eae2d99 bpf: fix bulk flow detaction
88f1db7dd611 bpf: fix priority flow detection
b5dec7874373 bpf: remove access to skb->gso_size
e728a319a9a5 interface: unify status, always include ifname, ingress, egress
Signed-off-by: Felix Fietkau <nbd@nbd.name>
BTF pointer data has a different size on 32 vs 64 bit targets,
and while the generated eBPF code works, the BTF data fails to validate
on mismatch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Since sqm-scripts and qos-scripts packages are in the same category as qosify,
the firsts being in the Base System category, I find it understandable to move
the latter to Base System instead of network section.
Signed-off-by: Rodrigo B. de Sousa Martins <rodrigo.sousa.577@gmail.com>
On systems using brmcfmac (e.g. Raspberry Pi Zero W) without this fix,
the final setup-call:
iw dev wlan0 ibss join ...
fails with returncode 161 and message:
"command failed: Not supported (-95)"
So this patch calls an explicit:
iw dev wlan0 set type ibss
just prior to the 'ibss join' command.
I have tested several ath9k and mt76xx devices
with different revisions: this patch does not harm.
please also apply to stable branch.
Signed-off-by: Bastian Bittorf <bb@npl.de>
Update Telekom Speedport W921V firmware download URL.
Contained TAPI and VDSL firmware blobs are identical.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
19aae94 [build: avoid rebuilds of unset VARIANT packages] builds
packages defined without a VARIANT only once, using the first VARIANT
defined in the Makefile.
This caused problems with wpa-cli, as it is only built for variants that
include supplicant support, and the first VARIANT defined may not build
it.
The same happens to hostapd-utils, which is not built for
supplicant-only variants.
To circumvent this, set VARIANT=* for both packages so that they get
built for every defined variant. This should not cause spurious
rebuilds, since tey are not a dependency of any other package defined in
this Makefile.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
On lantiq a lot of stuff expects to be loaded to and executed at
0x80002000, including our own second stage bootloader.
For all build u-boots, the initial stack pointer is at 0x80008000. After
loading data to 0x80002000, every further stack operation corrupts the
loaded code.
Set the initial stack pointer to 0x80002000, to not overwrite code
loaded in memory. A stack of 0x2000 bytes has been proven as enough in
all done tests.
Signed-off-by: Mathias Kresin <dev@kresin.me>
On danube we only have 0x6800 bytes of usable SRAM. Everything behind
can't be written to and a SPL u-boot locks up during boot.
Since it's a hard to debug issue and took me more than two years to fix
it, I consider it worth to include fix albeit SPL u-boots are not build
in OpenWrt.
I faced the issue while trying to shrink the u-boot to 64K since some
boards only have an u-boot partition of that size from the days
ifx-uboot was used.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
With gcc10 the variables are placed more tightly to each other, which
uncovers a long existing bug in the lantiq DMA code. It can be observed
when using tftpboot with the filename parameter, which gets reset during
the tftpboot execution.
NetRxPackets[] points to cache line size aligned addresses. In
ltq_eth_rx_packet_align() the address NetRxPackets[] points to is
increased by LTQ_ETH_IP_ALIGN and the resulting not cache aligned
address is used further on. While doing so, the length/size is never
updated.
The "not cache aligned address" + len/size for a cache aligned address
is passed to invalidate_dcache_range(). Hence, invalidate_dcache_range()
invalidates the next 32 bit as well, which flashes the BootFile variable
as well.
variable BootFile is at address: 0x83ffe12c
NetRxPackets[] points to 0x83ffdb20 (len is 0x600)
data points to: 0x83ffdb22 (len is 0x600)
ltq_dma_dcache_inv: 0x83ffdb22 (for len 0x600)
invalidate_dcache_range: 0x83ffdb20 to 0x83ffe120 (size: 32)
invalidate_dcache_range: 0x83ffdb20 to 0x83ffdb40 (Bootfile: a.bin)
...
invalidate_dcache_range: 0x83ffe100 to 0x83ffe120 (Bootfile: a.bin)
invalidate_dcache_range: 0x83ffe120 to 0x83ffe140 (Bootfile: )
In ltq_dma_tx_map() and ltq_dma_rx_map() the start address passed to
ltq_dma_dcache_wb_inv() is incorrect. By considering the offset, the
start address passed to flush_dcache_range() is always aligned to 32, 64
or 128 bytes dependent on configured DMA burst size.
Fixes: FS#4113
Signed-off-by: Mathias Kresin <dev@kresin.me>
At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the
assembly of LzmaProps_Decode. While the decission made by the compiler
looks perfect fine, it triggers some obscure hang on lantiq danube-s
v1.5 with MX29LV640EB NOR flash chips.
Only if the offset 1 is used, the hang can be observed. Using any other
offset works fine:
lwl s0,0(a1) - s0 == 0x6d000080
lwl s0,1(a1) - hangs
lwl s0,2(a1) - s0 == 0x0080xxxx
lwl s0,3(a1) - s0 == 0x80xxxxxx
It isn't clear whether it is a limitation of the flash chip, the EBU or
something else.
Force 8bit reads to prevent gcc optimizing the read with lwr/lwl
instructions.
Signed-off-by: Mathias Kresin <dev@kresin.me>
P&W R619AC is a IPQ4019 Dual-Band AC1200 router.
It is made by P&W (p2w-tech.com) known as P&W R619AC
but marketed and sold more popularly as G-DOCK 2.0.
Specification:
* SOC: Qualcomm Atheros IPQ4019 (717 MHz)
* RAM: 512 MiB
* Flash: 16 MiB (NOR) + 128 MiB (NAND)
* Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN)
* Wireless:
- 2.4 GHz b/g/n Qualcomm Atheros IPQ4019
- 5 GHz a/n/ac Qualcomm Atheros IPQ4019
* USB: 1 x USB 3.0
* LED: 4 x LAN, 1 x WAN, 2 x WiFi, 1 x Power (All Blue LED)
* Input: 1 x reset
* 1 x MicroSD card slot
* Serial console: 115200bps, pinheader J2 on PCB
* Power: DC 12V 2A
* 1 x Unpopulated mPCIe Slot (see below how to connect it)
* 1 x Unpopulated Sim Card Slot
Installation:
1. Access to tty console via UART serial
2. Enter failsafe mode and mount rootfs
<https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset>
3. Edit inittab to enable shell on tty console
`sed -i 's/#ttyM/ttyM/' /etc/inittab`
4. Reboot and upload `-nand-factory.bin` to the router (using wget)
5. Use `sysupgrade` command to install
Another installation method is to hijack the upgrade server domain
of stock firmware, because it's using insecure http.
This commit is based on @LGA1150(at GitHub)'s work
<a4932c8d5a>
With some changes:
1. Added `qpic_bam` node in dts. I don't know much about this,
but I observed other dtses have this node.
2. Removed `ldo` node under `sd_0_pinmux`, because `ldo` cause SD card not
working. This fix is from
<51143b4c75>
3. Removed the 32MB NOR variant.
4. Removed `cd-gpios` in `sdhci` node, because it's reported that it makes
wlan2g led light up.
5. Added ethphy led config in dts.
6. Changed nand partition label from `rootfs` to `ubi`.
About the 128MiB variant: The stock bootloader sets size of nand to 64MiB.
But most of this devices have 128MiB nand. If you want to use all 128MiB,
you need to modify the `MIBIB` data of bootloader. More details can be
found on github:
<https://github.com/openwrt/openwrt/pull/3691#issuecomment-818770060>
For instructions on how to flash the MIBIB partition from u-boot console:
<https://github.com/openwrt/openwrt/pull/3691#issuecomment-819138232>
About the Mini PCIe slot: (from "ygleg")
"The REFCLK signals on the Mini PCIe slot is not connected on
this board out of the box. If you want to use the Mini PCIe slot
on the board, you need to (preferably) solder two 0402 resistors:
R436 (REFCLK+) and R444 (REFCLK-)..."
This and much more information is provoided in the github comment:
<https://github.com/openwrt/openwrt/pull/3691#issuecomment-968054670>
Signed-off-by: Richard Yu <yurichard3839@gmail.com>
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
[Added comment about MIBIB+128 MiB variant. Added commit
message section about pcie slot. Renamed gpio-leds' subnodes
and added color, function+enum properties.]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
eb0a3ee fw4.uc: Do not quote port ranges
c5a8e3e tests: adapt test to new ICMP print logic
Also start using $(AUTORELEASE)
Signed-off-by: Paul Spooren <mail@aparcar.org>
Simply reading /proc/*/stat as a space-separated string will not work
as the process name may itself contain spaces. Hence we must match on
the '(' and ')' characters around the process name and can then handle
the remaining string as space-separated values.
This fixes shell error messages which have been popping up the console
due to spaces in process names being interpreted as field separators.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The nl80211_set_wiphy() function was changed between kernel 5.11 and
5.12 to take the rdev->wiphy lock which should be freed at the end
again. The 500-mac80211_configure_antenna_gain.patch added some code
which just returned in some cases without unlocking. This resulted in a
deadlock with brcmfmac.
This patch fixes this by also jumping to the out label in case we want
to leave the function.
This fixes a hanging system when brcmfmac is in use. I do not know why
we do not see this with other driver.
The kernel returns very useful debug details when setting these OpenWrt
configuration options:
CONFIG_KERNEL_DETECT_HUNG_TASK=y
CONFIG_KERNEL_PROVE_LOCKING=y
Fixes: FS#4122
Fixes: b96c2569ac ("mac80211: Update to version 5.12.19-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
from https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
changes since 5.14.0:
ad3a118f rdma: Fix SRQ resource tracking information json
7a235a10 man: devlink-port: fix pfnum for devlink port add
229eaba5 uapi: pickup fix for xfrm ABI breakage
a500c5ac lib/bpf: fix map-in-map creation without prepopulation
7c032cac man: devlink-port: remove extra .br
04ee8e6f man: devlink-port: fix style
14802d84 man: devlink-port: fix the devlink port add synopsis
897772a7 cmd: use spaces instead of tabs for usage indentation
e7a98a96 mptcp: unbreak JSON endpoint list
2f5825cb lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists
d756c08a tc/f_flower: fix port range parsing
92e32f77 uapi: updates from 5.15-rc1
e7e0e2ce iptuntap: fix multi-queue flag display
deef844b man: ip-link: remove double of
a3272b93 configure: restore backward compatibility
ceba5930 tree-wide: fix some typos found by Lintian
7a705242 ip: remove leftovers from IPX and DECnet
8ab1834e uapi: update headers from 5.15 merge
6d0d35ba ip/bond: add lacp active support
926ad641 Update kernel headers
c730bd0b ip/tunnel: always print all known attributes
df8912ed ipioam6: use print_nl instead of print_null
7e7270bb tc/skbmod: Introduce SKBMOD_F_ECN option
86c596ed IOAM man8
2d83c710 New IOAM6 encap type for routes
f0b3808a Add, show, link, remove IOAM namespaces and schemas
acbdef93 Import ioam6 uapi headers
2d6fa30b Update kernel headers
508ad89c ipneigh: add support to print brief output of neigh cache in tabular format
* update patch 170-ip_tiny.patch to accomodate ioam.
Signed-off-by: Russell Senior <russell@personaltelco.net>
