Commit Graph

4378 Commits

Author SHA1 Message Date
Paul Donald
9857b41fe9 dnsmasq: add handling of filter-rr to init script
dnsmasq v2.90 introduced `--filter-rr=<rrtype>[,<rrtype>...]`.

uci config usage:

config dnsmasq
    ...
    option filter_rr 'AAAA,CNAME,NXDOMAIN,SRV,...'

The dnsmasq instance internally builds a linked list of RR to filter
from the individually supplied parameters, so it's harmless to provide
synonyms:

... --filter-A --filter-rr=A ...

See https://forum.openwrt.org/t/resolving-query-type-65-to-local-address-for-ios-clients-in-dnsmasq/179504/23

Tested on: 23.05.2

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-20 21:56:16 +02:00
Rany Hany
913368a223 hostapd: add support for SAE in PPSK option
This patch allows the use of SAE when using PPSK after
https://w1.fi/cgit/hostap/commit/?id=fcbdaae8a52e542705a651ee78b39b02935fda20
added support for it.

It also implements a fix so that this option works with SAE. The reason this
doesn't work out of the box is because OpenWRT deviates from hostapd defaults
by setting `sae_pwe` option to 2 which makes this mode not function properly
(results in every auth attempt being denied).

That issue was addressed by not overriding hostapd's default for the `sae_pwe`
option when the PPSK option is in use. This should be fine because hostapd's
test cases specifically test this mode with the default SAE parameters. See:
https://w1.fi/cgit/hostap/commit/?id=c34b35b54e81dbacd9dee513b74604c87f93f6a3

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16343
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-20 19:27:08 +02:00
Rodrigo B. de Sousa Martins
44b1993f76 iptables: backport "nft: track each register individually" from 1.9
From the upstream repo:

Instead of assuming only one register is used, track all 16 regs
individually.

This avoids need for the 'PREV_PAYLOAD' hack and also avoids the need to
clear out old flags:

When we see that register 'x' will be written to, that register state is
reset automatically.

Existing dissector decodes
ip saddr 1.2.3.4 meta l4proto tcp
... as
-s 6.0.0.0 -p tcp

iptables-nft -s 1.2.3.4 -p tcp is decoded correctly because the expressions
are ordered like:

meta l4proto tcp ip saddr 1.2.3.4
                                                                                                                                                                                                                   |
... and 'meta l4proto' did clear the PAYLOAD flag.

The simpler fix is:
		ctx->flags &= ~NFT_XT_CTX_PAYLOAD;

in nft_parse_cmp(), but that breaks dissection of '1-42', because
the second compare ('cmp lte 42') will not find the
payload expression anymore.

This commit fixes #11169 and openwrt/packages#22727, and potentially anyone that uses iptables-nft legacy support.

Signed-off-by: Rodrigo B. de Sousa Martins <rodrigo.sousa.577@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16504
[Added patch header]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-19 19:42:37 +02:00
Felix Fietkau
f9f2dd1d93 firewall: update to Git HEAD (2024-10-18)
ffba75c9cd8f iptables: free xtables_match if found in need_protomatch
bf1d5fdf6234 iptables: fix regression with unintended free in need_protomatch
1aef9791a21e defaults.c: fix ipv6 flow offloading

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-10-18 08:03:34 +02:00
Stijn Tintel
2d350fded6 xdp-tools: bump to 1.4.3
Release notes:
https://github.com/xdp-project/xdp-tools/releases/tag/v1.4.3

Remove upstreamed patch
023-libxdp-fix-compilation-on-multiarch-systems.patch.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2024-10-13 22:29:51 +03:00
Shiji Yang
eb05baff7f ppp: clean up makefile
The latest ppp version seems to no longer require these ancient
build fixes.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-12 15:53:06 +02:00
Shiji Yang
7eb6bf1ac9 ppp: remove discovery phase timeout hack patch
In the original code, the entire time delay of the discovery phase
is only 5+5x2+5x2x2 = 35s. Increasing timeout may be necessary if
discovery phase fails on first attempt. There is a chance to fix
the "Timeout waiting for PADO packets" issue by removing this patch.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-12 15:53:06 +02:00
Shiji Yang
8766a92766 ppp: remove uClibc wtmp hack patch
The uClibc library support was removed since commit:
57fe7d5401 ("toolchain: remove uClibc install stuff")

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-12 15:53:06 +02:00
Shiji Yang
3e668c6d02 ppp: update to 2.5.1
ChangeLog:
https://github.com/ppp-project/ppp/blob/ppp-2.5.1/ChangeLog

Suppressed patches:
010-use_target_for_configure.patch [1]
510-pptp_compile_fix.patch [2]
520-u_int_bsd_fix.patch [3]

Upstreamed patches:
330-retain_foreign_default_routes.patch [4]
521-remove_unused_openssl_dep.patch [5]

[1] e48a9b5de4
[2] Merged into "500-add-pptp-plugin.patch"
[3] 797cdae57c
[4] 9856f47063
[5] 59342ab622

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-12 15:53:06 +02:00
Sergey Ivanov
9cecf2b16e ppp: update to 2.5.0
ChangeLog:
https://github.com/ppp-project/ppp/blob/ppp-2.5.0/ChangeLog

Upstreamed patches:
120-debian_ipv6_updown_option.patch [1]
133-fix_sha1_include.patch [2]
140-pppd-Fix-compilation-with-older-glibc-or-kernel-head.patch [3]
141-Expand-byte-count-statistics-to-64-bits-298.patch [4]
142-pppd-Add-support-for-registering-ppp-interface-via-L.patch [5]
143-pppd-Workaround-for-generating-ppp-unit-id-on-Linux-.patch [6]
144-pppd-Retry-registering-interface-when-on-rtnetlink-E.patch [7]

Suppressed patches:
200-makefile.patch [8]
201-mppe_mppc_1.1.patch [9]
203-opt_flags.patch [10]
300-filter-pcap-includes-lib.patch [11]
511-pptp_cflags.patch [12]
600-Revert-pppd-Use-openssl-for-the-DES-instead-of-the-l.patch [13]
610-pppd_compile_fix.patch [14]

[1] 7f8c1a1f8e
[2] ba7f7e053d
[3] 98ec18f098
[4] 81ad945630
[5] 4a54e34cf5
[6] 44609bfc97
[7] 089687fbcc
[8] enable_eaptls=no, with_pcap=no, HAVE_CRYPT_H=1 in configure
[9] enable_microsoft_extensions=yes, MPPC support is removed.
[10] fPIC ignored so far
[11] done by autotools
[12] in main patch for pptp plugin
[13] with_openssl=no, already in upstream ppp-des.c
[14] with_static_pcap=yes from patch 310

Signed-off-by: Sergey Ivanov <icegood1980@gmail.com>

* Fix package hash.
* Fix multilink variant build.
* Fix some compile errors.
* Some code format fixes.
* Refactor commit message.
* Rebase git and fix conflicts.

Co-authored-by: Shiji Yang <yangshiji66@qq.com>
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-12 15:53:06 +02:00
Felix Fietkau
7e942c53b2 netifd: update to Git HEAD (2024-10-06)
3c6265fdbd02 wireless: reload wireless device if any vif network bridge changes ifindex

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-10-11 14:40:09 +02:00
Felix Fietkau
12c1a56ec0 hostapd: reload bss if a relevant ifindex changes
This can happen if the bridge or a stacked vlan device gets recreated.
Ensure that hostapd sees the change and handles it gracefully.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-10-06 20:09:19 +02:00
Rui Salvaterra
685fa051d5 iproute2: fix tc-tiny build failure
htobe64 usage requires including endian.h, otherwise tc-tiny fails to build.

Fixes: 6262366381 ("iproute2: update to 6.11.0")
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16609
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-06 03:43:14 +02:00
Hauke Mehrtens
6262366381 iproute2: update to 6.11.0
Release Notes:
https://lore.kernel.org/netdev/20240717090601.20b2871f@hermes.local/T/
https://lwn.net/Articles/990423/

Remove patch `401-bridge-vlan.c-bridge-vlan.c-fix-build-with-gcc-14-on.patch`
because it is upstream now.

Backport two patches to fix build problems in bridge/mst.c

Small size increase:
 38538 bin/packages/mips_24kc-old/base/devlink_6.9.0-r1_mips_24kc.ipk
  7713 bin/packages/mips_24kc-old/base/genl_6.9.0-r1_mips_24kc.ipk
 31875 bin/packages/mips_24kc-old/base/ip-bridge_6.9.0-r1_mips_24kc.ipk
187733 bin/packages/mips_24kc-old/base/ip-full_6.9.0-r1_mips_24kc.ipk
126538 bin/packages/mips_24kc-old/base/ip-tiny_6.9.0-r1_mips_24kc.ipk
  7619 bin/packages/mips_24kc-old/base/nstat_6.9.0-r1_mips_24kc.ipk
 20704 bin/packages/mips_24kc-old/base/rdma_6.9.0-r1_mips_24kc.ipk
 37607 bin/packages/mips_24kc-old/base/ss_6.9.0-r1_mips_24kc.ipk
158909 bin/packages/mips_24kc-old/base/tc-bpf_6.9.0-r1_mips_24kc.ipk
160459 bin/packages/mips_24kc-old/base/tc-full_6.9.0-r1_mips_24kc.ipk
135846 bin/packages/mips_24kc-old/base/tc-tiny_6.9.0-r1_mips_24kc.ipk
 38669 bin/packages/mips_24kc-new/base/devlink_6.11.0-r1_mips_24kc.ipk
  7719 bin/packages/mips_24kc-new/base/genl_6.11.0-r1_mips_24kc.ipk
 32676 bin/packages/mips_24kc-new/base/ip-bridge_6.11.0-r1_mips_24kc.ipk
188920 bin/packages/mips_24kc-new/base/ip-full_6.11.0-r1_mips_24kc.ipk
127313 bin/packages/mips_24kc-new/base/ip-tiny_6.11.0-r1_mips_24kc.ipk
  7612 bin/packages/mips_24kc-new/base/nstat_6.11.0-r1_mips_24kc.ipk
 21065 bin/packages/mips_24kc-new/base/rdma_6.11.0-r1_mips_24kc.ipk
 37726 bin/packages/mips_24kc-new/base/ss_6.11.0-r1_mips_24kc.ipk
158921 bin/packages/mips_24kc-new/base/tc-bpf_6.11.0-r1_mips_24kc.ipk
160510 bin/packages/mips_24kc-new/base/tc-full_6.11.0-r1_mips_24kc.ipk
136352 bin/packages/mips_24kc-new/base/tc-tiny_6.11.0-r1_mips_24kc.ipk

Link: https://github.com/openwrt/openwrt/pull/16589
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-05 12:39:13 +02:00
Hauke Mehrtens
8c2dcd1518 ethtool: update to 6.10
Release Notes:
https://lore.kernel.org/netdev/20240128235634.4ni2lbvzqjlwbgi4@lion.mk-sys.cz/T/
https://lore.kernel.org/netdev/jylgitumxz72a2hfzsujnwvxpkuzcw3wcwebodthtpvtkfgmlp@rfoix5dyh2bg/T/
https://lore.kernel.org/netdev/ssn37ocuhjyx3k5xoq53uvb3voo2qxnwvuwgephb4cc5lbw5ei@5fkqwsfdzlcu/T/

Small size increase:
 34937 bin/packages/mips_24kc-old/base/ethtool_6.6-r1_mips_24kc.ipk
154818 bin/packages/mips_24kc-old/base/ethtool-full_6.6-r1_mips_24kc.ipk
 35780 bin/packages/mips_24kc-new/base/ethtool_6.10-r1_mips_24kc.ipk
157386 bin/packages/mips_24kc-new/base/ethtool-full_6.10-r1_mips_24kc.ipk

Link: https://github.com/openwrt/openwrt/pull/16590
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-05 12:37:10 +02:00
Hauke Mehrtens
a8018f3210 wifi-scripts: Fix typo in EHT320 name
All other places name it EHT320.

Fixes: b478b7b1f7 ("wifi-scripts: detect and configure EHT")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-03 15:37:24 +02:00
Felix Fietkau
c1e43c36b4 wifi-scripts: add better defaults for 6 GHz interop
Indicate stationary AP and set default 6G regulatory power type to indoor

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-10-02 18:17:26 +02:00
John Crispin
e428d7999a dropbear: add a uci-defaults script for loading authorized keys
Write the ssh authorized key to /etc/dropbear/ssh_authorized_keys if present
inside boad.json.

Signed-off-by: John Crispin <john@phrozen.org>
2024-10-02 15:41:33 +02:00
John Crispin
b506a305fe wifi-scripts: populate default wifi credentials and country code from board.json
Signed-off-by: John Crispin <john@phrozen.org>
2024-10-02 15:41:33 +02:00
John Crispin
3ed5f6430b hostapd: send a notification via ubus when CSA completed
Signed-off-by: John Crispin <john@phrozen.org>
2024-10-02 15:19:42 +02:00
John Crispin
dd62f7659b hostapd: add ifname to generic ubus notify code
Signed-off-by: John Crispin <john@phrozen.org>
2024-10-02 15:19:34 +02:00
John Crispin
711885ad68 hostapd: add ifname and vlan_id to sta-authorized notifications
Signed-off-by: John Crispin <john@phrozen.org>
2024-10-02 15:19:27 +02:00
John Crispin
dc48732ea7 hostapd: add the ifname to ubus events
Signed-off-by: John Crispin <john@phrozen.org>
2024-10-02 15:19:21 +02:00
John Crispin
8bfea41eef umdns: update to latest HEAD
fbaca4b cache: improve update call by doing a full refresh probe
93c9036 dns: reply to A/AAAA questions for additional hostnames

Signed-off-by: John Crispin <john@phrozen.org>
2024-10-02 15:19:13 +02:00
Janusz Dziedzic
b478b7b1f7 wifi-scripts: detect and configure EHT
Check if EHT/11BE supported, configure in board.json
and config/wireless.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-10-02 15:12:18 +02:00
Janusz Dziedzic
c201905d05 wifi-scripts: mac80211.sh: enable EHT320
For EHT320 we should also enable HE160.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-10-02 15:12:18 +02:00
Janusz Dziedzic
42185bf429 wifi-scripts: mac80211.sh: allow EHT* sets
Allow to configure 80211BE.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-10-02 15:12:18 +02:00
Janusz Dziedzic
d1fc8c3db0 hostapd: fix build when 80211BE enabled
In file included from hostapd-wpad-basic-mbedtls/hostapd-2024.03.09~695277a5/src/ap/ubus.h:11,
                 from hostapd-wpad-basic-mbedtls/hostapd-2024.03.09~695277a5/src/ap/hostapd.h:21,
                 from main.c:26:
hostapd-2024.03.09~695277a5/src/ap/sta_info.h: In function 'ap_sta_is_mld':
hostapd-2024.03.09~695277a5/src/ap/sta_info.h:425:20: error: invalid use of undefined type 'struct hostapd_data'
  425 |         return hapd->conf->mld_ap && sta && sta->mld_info.mld_sta;
      |                    ^~

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-10-02 15:12:18 +02:00
Janusz Dziedzic
b1d6068330 hostapd: add CONFIG_DRIVER_11BE_SUPPORT
Add option to enable 802.11BE support.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-10-02 15:12:18 +02:00
John Crispin
52e8aeabee iwinfo: update to latest HEAD
714e419 iwinfo: fix EHT mode reporting for STA interfaces
7eed433 devices: add device id for MediaTek MT7996e

Signed-off-by: John Crispin <john@phrozen.org>
2024-10-02 15:12:18 +02:00
Felix Fietkau
d3628ca209 wifi-scripts: wifi-detect.uc: skip null entries on nl80211 phy dump
This can happen on incomplete device probe

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-10-01 14:45:58 +02:00
Chen Minqiang
105a5790b7 comgt: directip: add delegate option support
Ipv6 delegate option is not respected by proto directip
this add support for it.

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 23:43:08 +02:00
Chen Minqiang
8a5db2ff3c comgt: directip: add sourcefilter option support
This make source based IPv6 routing option available for directip

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 23:43:08 +02:00
Chen Minqiang
a97b7af33e qmi: add delegate option support
Ipv6 delegate option is not respected by proto qmi
this add support for it.

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 23:43:08 +02:00
Chen Minqiang
0371a4c814 ncm: add delegate option support
Ipv6 delegate option is not respected by proto ncm
this add support for it.

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 23:43:08 +02:00
Chen Minqiang
72d9e4fc31 mbim: add delegate option support
Ipv6 delegate option is not respected by proto mbim
this add support for it.

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 23:43:08 +02:00
Chen Minqiang
01d257e95f ppp: add delegate option support
Ipv6 delegate option is not respected by proto of ppp/pptp/pppoe/pppoa
this add support for them.

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 23:43:08 +02:00
Jianhui Zhao
b4dfa3b33c hostapd: fix UPDATE_VAL fail in uc_hostapd_iface_start
If the `intval` obtained from `info` is indeed 0, it cannot be set to `conf`.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15495
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 23:36:46 +02:00
Lev A. Melnikovsky
b0aecfaa4f hostapd-common: add missing ingredients for standalone EAP server
Namely radius_server_auth_port and radius_server_clients arguments. Below is a working config example:

config wifi-iface 'enterprise1'
        option device 'radio1'
        option mode 'ap'
        option network 'lan'
        option ssid 'openwrt'
        option encryption 'wpa2'
        option dh_file '/etc/hostapd/dh.pem'
        option eap_server '1'
        option eap_user_file '/etc/hostapd/eap_user'
        option ca_cert '/etc/hostapd/ca.pem'
        option server_cert '/etc/hostapd/server.crt'
        option private_key '/etc/hostapd/server.key'
        option radius_server_clients '/etc/hostapd/radius_clients'
        option radius_server_auth_port 1812

config wifi-iface 'enterprise2'
        option device 'radio2'
        option mode 'ap'
        option network 'lan'
        option ssid 'openwrt'
        option encryption 'wpa2'
        option dh_file '/etc/hostapd/dh.pem'
        option auth_server '127.0.0.1'
        option auth_secret 'radius_secret'
        option auth_cache '0'

Signed-off-by: Lev A. Melnikovsky <melnikovsky@gmail>
Link: https://github.com/openwrt/openwrt/pull/16112
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 23:25:14 +02:00
Ivan Pavlov
6b9e008ab7 tcpdump: update to 4.99.5
Changes: https://git.tcpdump.org/tcpdump/blob/4a789712f187e3ac7b2c0044c3a3f8c71b83646e:/CHANGES

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16402
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 17:53:13 +02:00
Aleksandr V. Piskunov
a47bf906cd 6in4: add 'nohostroute' option
Same as 'nohostroute' option for GRE tunnels (commit 0f8b9addfc)
and IPIP tunnels (commit 46ce629fe0)

Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15961
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 16:28:52 +02:00
Aleksandr V. Piskunov
6b5aea7429 6in4: Support fqdn as remote tunnel endpoint
Same as fqdn support in GRE (commit a79f3d11b3) and IPIP (commit 311682905e)

Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15961
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 16:28:51 +02:00
Aleksandr V. Piskunov
cdb535ac32 6in4: allow specifying tunnel device name
Accept 'device' option, allowing to specify custom l3 device name,
instead of default autogenerated one (prefix "6in4-" + interface name)

Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15961
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 16:28:51 +02:00
Pawel Dembicki
832abf0109 restool: bump to lf-6.6.23-2.0.0
This commit bumps restool layerscape package to lf-6.6.23-2.0.0 version.

Patch was refreshed.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16360
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 16:21:02 +02:00
Felix Fietkau
df1011e0b7 hostapd: fix OWE ssid update on configuration changes
Refresh OWE transition IEs on updating BSS interfaces

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-09-21 20:37:41 +02:00
Felix Fietkau
81a48e7d1a wpa_supplicant: fix num_global_macaddr handling
Pass num_global_macaddr via ubus in the top level config_set call

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-09-21 20:33:45 +02:00
Felix Fietkau
b4e7682c54 hostapd: fix num_global_macaddr and mbssid config handling
Store the config values in the correct field and apply them on restart too

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-09-21 20:14:51 +02:00
Felix Fietkau
1a288670d9 hostapd: fold extra APuP patches into main patch + src/
Simplifies maintenance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-09-21 18:33:52 +02:00
Felix Fietkau
127078567b hostapd: improve ucode bss notifications
Reduce code duplication, add extra callback for bss create

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-09-21 18:32:26 +02:00
Felix Fietkau
3727731e6a netifd: update to Git HEAD (2024-09-21)
24f9a93a9559 interface: fix regression on adding hotplug devices to interfaces

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-09-21 18:28:40 +02:00
Mieczyslaw Nalewaj
e67aa1d5bf packages: remove remnants of kernels below 6.6
Remove remnants of kernels below 6.6.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16432
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-21 13:03:49 +02:00
Felix Fietkau
3efdc8e16d qosify: update to Git HEAD (2024-09-20)
850cc271083d qosify: add support for keeping stats
1501e0935175 bpf_skb_utils.h: add missing include to fix build against newer kernel headers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-09-20 23:17:43 +02:00
Daniel Golle
80347989ee iwinfo: update to git HEAD
Add support for 802.11be (HE) radios.

 4b7c47c iwinfo: sync with upstream nl80211.h
 268a662 iwinfo: add basic IEEE 802.11be support

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-09-17 19:07:53 +01:00
Ivan Pavlov
da11a1e20c hostapd: update to version 2024-09-15
Remove upstreamed from 2.11 release:
  060-nl80211-fix-crash-when-adding-an-interface-fails.patch

Rebase all other patches

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16338
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-16 10:32:43 +02:00
Ivan Pavlov
395afc4c58 hostapd: update to 2.11 release tag
Release 2.11 has been quite a few new features and fixes since the 2.10
release. The following ChangeLog entries highlight some of the main
changes:

* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
  drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
  - use Secure=1 in message 3 during PTK rekeying

...and many more

Remove upstreamed patches:
  023-ndisc_snoop-call-dl_list_del-before-freeing-ipv6-add.patch
  030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
  040-mesh-allow-processing-authentication-frames-in-block.patch
  181-driver_nl80211-update-drv-ifindex-on-removing-the-fi.patch
  182-nl80211-move-nl80211_put_freq_params-call-outside-of.patch
  183-hostapd-cancel-channel_list_update_timeout-in-hostap.patch
  210-build-de-duplicate-_DIRS-before-calling-mkdir.patch
  253-qos_map_set_without_interworking.patch
  751-qos_map_ignore_when_unsupported.patch
  800-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
  801-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
  802-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch

Other patches has been updated.

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16338
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-16 10:32:43 +02:00
Daniel Golle
2f7369150b netifd: revert problematic ethtool hack
02aa43d Revert "system-linux: re-apply ethtool on phy attachment"

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-09-12 15:42:20 +02:00
Christian Svensson
01ae39a0b2 wireguard-tools: accept iproute2 as dependency
If the user has ip-tiny or ip-full installed there is no need to depend on
BusyBox having any form of `ip` or `ip link` applets.

Signed-off-by: Christian Svensson <blue@cmd.nu>
Link: https://github.com/openwrt/openwrt/pull/16062
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-06 23:35:02 +02:00
Gioacchino Mazzurco
d760576132 hostapd: ensure that interface name is not null
Include hotfix suggested by Sebastian Gottschall to fix bug introduced
with APuP patchset

Signed-off-by: Gioacchino Mazzurco <gio@polymathes.cc>
Link: 0c3001a69e
Link: https://github.com/openwrt/openwrt/pull/16298
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-06 22:42:42 +02:00
Felix Fietkau
e7ea93e1e3 netifd: update to Git HEAD (2024-09-05)
61c606d6e66b device: simplify external device settings handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-09-05 10:16:19 +02:00
Eric Long
21b155e0ff bpftool: add host build
Besides probing BPF information in running system, bpftool is also used in
generating skeleton, dumping BTF, etc. that is widely used in modern BPF
development. Make it available as a host tool so that we can use it in
package build.

Tested build targeting malta/le on Arch Linux x86_64. bpftools currently
does not support processing cross-endian BPF objects, so big-endian host
is needed to build for big-endian targets using bpftools.

Signed-off-by: Eric Long <i@hack3r.moe>
Link: https://github.com/openwrt/openwrt/pull/16122
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-04 00:06:34 +02:00
Felix Fietkau
2bec6f48e6 netifd: update to Git HEAD (2024-09-03)
480551a3adc4 interface: add support for disabling renew on topology change
b7b294266781 device: add more debugging code
595094f5c213 device: do not pull device present state from hotplug events
4e11e52e9b98 main: add messages to udebug regardless of their log level
091d063f4a9d wireless: handle link updates even if devices are present already
a8e90853c936 interface: improve hotplug handling reliability
cdb41673ceea device: remove redundant newlines from debug messages
cd2a7964f2c0 device: revert to explicit device_set_present calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-09-03 15:14:42 +02:00
Jan Hoffmann
cf6d52f45a ltq-vdsl-vr11-app: perform orderly shutdown on exit
Try to do a clean disconnection via L3 request before the connection is
stopped.

Because this might take up to 6 seconds (the driver does 3 attempts with
a timeout of 2 seconds each), a termination timeout needs to be defined
in the init script.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2024-08-31 19:40:21 +02:00
Jan Hoffmann
23826115e1 ltq-vdsl-vr11-app: always disconnect on exit
Move the code for disconnection on exit to a separate function, and also
call it in the code paths for SIGINT and the "quit" CLI command.

While at it, make the patch description a bit clearer.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2024-08-31 19:40:21 +02:00
Jan Hoffmann
663389c4cf ltq-vdsl-vr9-app: always disconnect on exit
Move the code for disconnection on exit to a separate function, and also
call it in the code path for the "quit" CLI command.

While at it, make the patch description a bit clearer.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2024-08-31 19:40:21 +02:00
Jan Hoffmann
a78ad43d1d ltq-vdsl-vr11-app: fix error handling during disconnection
Use the correct return value in error message.

Fixes: 6e4c9738be ("ltq-vdsl-vr11-app: add version 4.23.1 for vr11 targets")
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2024-08-31 19:40:21 +02:00
Jan Hoffmann
df6284b079 ltq-vdsl-vr9-app: fix error handling during disconnection
Use the correct return value in error message.

Fixes: 1daaef31b3 ("ltq-vdsl-app: disconnect when service is stopped")
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2024-08-31 19:40:21 +02:00
Sarah Maedel
8de185a176 hostapd: fix anqp_3gpp_cell_net list delimiter
This patch fixes the list delimiter between 3GPP networks
passed to hostapd.

> list iw_anqp_3gpp_cell_net '262,001'
> list iw_anqp_3gpp_cell_net '262,002'

When passing a list of "iw_anqp_3gpp_cell_net" parameters via UCI,
hostapd would crash at startup:
> daemon.err hostapd: Line 73: Invalid anqp_3gpp_cell_net: 262,001:262,002

Using a semicolon as a delimiter, hostapd will start as expected.

Signed-off-by: Sarah Maedel <git@tbspace.de>
2024-08-28 11:57:23 +02:00
David Bauer
ebe7c5f1a3 uqmi: update to latest HEAD
28b48a1 uim: add support for ICC communication channel
f582e00 qmi: fix dynamic array macro
d381f80 data: add support for ICC channel

Signed-off-by: David Bauer <mail@david-bauer.net>
2024-08-25 23:25:45 +02:00
Carsten Schuette
57c600dc27 dnsmasq: Add EDNS0 Upstream support
Forward client mac address and subnet on dns queries. Pi-hole and Adguard use this feature to send the originators ip address/subnet so it can be logged and not just the nat address of the router. This feature has been added since version 2.56 of dnsmasq and would be nice to expose this feature in openwrt.

Signed-off-by: Carsten Schuette <schuettecarsten@googlemail.com>
Link: https://github.com/openwrt/openwrt/pull/15965
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-24 21:25:17 +02:00
Matt Eaton
60951f0515 xfrm: remove requirement for underlying device
Since kernel 5.3, phydev (dev) is no longer required

   torvalds/linux@22d6552

Signed-off-by: Matt Eaton <git@divinehawk.com>
Link: https://github.com/openwrt/openwrt/pull/16046
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-19 18:49:49 +02:00
Sylvain Monné
88186c85f9 uhttpd: restart daemon if certificate has changed
Fixes #16075

When the SSL certificate used by uhttpd has been changed, calling
`/etc/init.d/uhttpd reload` will now have the effect of restarting the
daemon to make the change effective.

Signed-off-by: Sylvain Monné <sylvain@monne.contact>
Link: https://github.com/openwrt/openwrt/pull/16076
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-19 18:46:08 +02:00
Hannu Nyman
0b7d99147b uhttpd: Decrease the default validity time of certificate
The recommended maximum validity period is currently 397 days
and some browsers throw warning with longer periods.

Reference to
https://cabforum.org/working-groups/server/baseline-requirements/
 6.3.2 Certificate operational periods and key pair usage periods
 Subscriber Certificates issued on or after 1 September 2020
 SHOULD NOT have a Validity Period greater than 397 days and
 MUST NOT have a Validity Period greater than 398 days.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-13 21:07:13 +02:00
Pat Fruth
db4e8ef952 uhttpd: Include new extensions in uhttpd self-signed certs
The introduction of MacOS Catalina includes new requirements for self-signed certificates.
See: https://support.apple.com/en-us/HT210176
These new requirements include the addition of two TLS server certificate extensions.
- extendedKeyUsage
- subjectAltName
The extendedKeyUsage must be set to serverAuth.
The subjectAltName must be set to the DNS name of the server.
In the absense of these new extensions, when the LUCI web interface is configured to use HTTPS and
self-signed certs, MacOS user running Google Chrome browsers will not be able to access the LUCI web enterface.
If you are generating self-signed certs which do not include that extension, Chrome will
report "NET::ERR_CERT_INVALID" instead of "NET::ERR_CERT_AUTHORITY_INVALID".  You can click through to
ignore the latter, but not the former.

This change updates the uhttpd init script to generate self-signed cert that meets the new requirements.
Signed-off-by: Pat Fruth <pat@patfruth.com>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-13 21:07:13 +02:00
Gioacchino Mazzurco
e80520197c hostapd: Add support for APuP
Add support for hostapd Access Point Micro Peering

Signed-off-by: Gioacchino Mazzurco <gio@polymathes.cc>
Link: https://gitlab.com/g10h4ck/hostap/-/commits/APuP
Link: https://github.com/openwrt/openwrt/pull/15442
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-13 00:28:32 +02:00
Rany Hany
db7f70fe61 hostapd: fix SAE H2E security vulnerability
This patch backports fixes for a security vulnerability impacting the
hostapd implementation of SAE H2E.

As upgrading hostapd would require more testing, the second mitigation
step which involves backporting several patches was adopted as outlined
in the official advisory[1].

An explanation of the impact of the vulnerability is provided from the
advisory[1]:

This vulnerability allows the attacker to downgrade the negotiated group
to another enabled group if both the AP and STA have enabled SAE H2E and
multiple groups. It should be noted that the H2E option is not enabled
by default and the attack is not applicable to the default option, i.e.,
hunting-and-pecking, since it does not have any downgrade protection for
group negotiation. In addition, the default configuration for enabled
SAE groups in hostapd is to enable only a single group, so the
vulnerability is not applicable unless hostapd has been explicitly
configured to enable more groups for SAE.

[1]: https://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16042
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-02 23:13:44 +02:00
Daniel Golle
ee8c05f9b6 netifd: update to git HEAD
68c8a4f system-linux: re-apply ethtool on phy attachment
 890929b wireless: add support for defining wifi interfaces via procd service data
 b57e40b wireless: use blobmsg_parse_attr
 7a6532f proto-shell: add proto property for skipping device config
 33ec3da CMake: bump the minimum required CMake version to 3.5

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-08-01 20:48:24 +01:00
FUKAUMI Naoki
2d31004133 wifi-scripts: add missing dependency on ucode-mod-rtnl
rtnl is used in hostap/common.uc.

$ grep -r rtnl files
files/usr/share/hostap/common.uc:import * as rtnl from "rtnl";
files/usr/share/hostap/common.uc:	     rtnl.request(rtnl.const.RTM_SETLINK, 0, { dev: reuse_ifname, ifname: name}) != false))
files/usr/share/hostap/common.uc:	rtnl.request(rtnl.const.RTM_SETLINK, 0, { dev: name, change: 1, flags: up ? 1 : 0 });

Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15922
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-23 23:49:36 +02:00
Tan Zien
9a8111fb25 libiwinfo: update to Git HEAD (2024-07-06)
2158201 devices: add device id for Atheros AR9590

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15889
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-10 09:40:26 +02:00
Stijn Tintel
6b16eaf840 wifi-scripts: add missing dependency on ucode-mod-uci
Fixes the following error:

Syntax error: Unable to resolve path for module 'uci'
In line 3, byte 27:

 `import * as uci from 'uci';`
  Near here ----------------^

Fixes: 4a3ed518b2 ("wifi-scripts: rewrite wifi detect code in ucode")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2024-07-03 01:40:15 +03:00
David Bauer
89d7051485 hostapd: bump PKG_RELEASE
Signed-off-by: David Bauer <mail@david-bauer.net>
2024-06-30 22:23:11 +02:00
David Bauer
68e4cc9be5 hostapd: don't ignore probe-requests with invalid DSSS params
Don't ignore probe requests which contain an invalid DS parameter for the
current operating channel.

As the comment outlines, the drop shall only apply if
dot11RadioMeasurementActivated is set to 1.

However, it was observed Linux clients (Debian 12 / NixOS 23.11)
with an Intel 8265 NIC may generate a probe request frame with
dot11RadioMeasurementActivated set to false and an invalid DSSS
parameter.

These were also dropped even though they should not have been. They
however should not have contained this parameter in the first place.

Don't drop Probe Requests which contain such an invalid field. This may
lead to more probe responses being sent, however it does fix very
frequent connection issues for these clients on 2.4 GHz.

Signed-off-by: David Bauer <mail@david-bauer.net>
2024-06-30 22:23:11 +02:00
Sean Khan
d648ee4c58 wifi-scripts: ensure get_freq returns int (iw-6.9)
With `iw` version 6.9 frequencies are now being reported as float,
which is incompatible with wpa_supplicant's config option 'frequency'
which expects an integer.

iwinfo phy0 info output:

Version: 5.19
```
Frequencies:
  * 5180 MHz [36] (30.0 dBm)
  * 5200 MHz [40] (30.0 dBm)
  * 5220 MHz [44] (30.0 dBm)
  * 5240 MHz [48] (30.0 dBm)
  * 5260 MHz [52] (24.0 dBm)
  * 5280 MHz [56] (24.0 dBm)
  * 5300 MHz [60] (24.0 dBm)
  * 5320 MHz [64] (24.0 dBm)
  * 5500 MHz [100] (24.0 dBm)
  * 5520 MHz [104] (24.0 dBm)
  * 5540 MHz [108] (24.0 dBm)
  * 5560 MHz [112] (24.0 dBm)
  * 5580 MHz [116] (24.0 dBm)
  * 5600 MHz [120] (24.0 dBm)
  * 5620 MHz [124] (24.0 dBm)
  * 5640 MHz [128] (24.0 dBm)
  * 5660 MHz [132] (24.0 dBm)
  * 5680 MHz [136] (24.0 dBm)
  * 5700 MHz [140] (24.0 dBm)
  * 5720 MHz [144] (24.0 dBm)
  * 5745 MHz [149] (30.0 dBm)
  * 5765 MHz [153] (30.0 dBm)
  * 5785 MHz [157] (30.0 dBm)
  * 5805 MHz [161] (30.0 dBm)
  * 5825 MHz [165] (30.0 dBm)
  * 5845 MHz [169] (disabled)
  * 5865 MHz [173] (disabled)
  * 5885 MHz [177] (disabled)
```

Version: 6.9
```
Frequencies:
  * 5180.0 MHz [36] (30.0 dBm)
  * 5200.0 MHz [40] (30.0 dBm)
  * 5220.0 MHz [44] (30.0 dBm)
  * 5240.0 MHz [48] (30.0 dBm)
  * 5260.0 MHz [52] (24.0 dBm)
  * 5280.0 MHz [56] (24.0 dBm)
  * 5300.0 MHz [60] (24.0 dBm)
  * 5320.0 MHz [64] (24.0 dBm)
  * 5500.0 MHz [100] (24.0 dBm)
  * 5520.0 MHz [104] (24.0 dBm)
  * 5540.0 MHz [108] (24.0 dBm)
  * 5560.0 MHz [112] (24.0 dBm)
  * 5580.0 MHz [116] (24.0 dBm)
  * 5600.0 MHz [120] (24.0 dBm)
  * 5620.0 MHz [124] (24.0 dBm)
  * 5640.0 MHz [128] (24.0 dBm)
  * 5660.0 MHz [132] (24.0 dBm)
  * 5680.0 MHz [136] (24.0 dBm)
  * 5700.0 MHz [140] (24.0 dBm)
  * 5720.0 MHz [144] (24.0 dBm)
  * 5745.0 MHz [149] (30.0 dBm)
  * 5765.0 MHz [153] (30.0 dBm)
  * 5785.0 MHz [157] (30.0 dBm)
  * 5805.0 MHz [161] (30.0 dBm)
  * 5825.0 MHz [165] (30.0 dBm)
  * 5845.0 MHz [169] (disabled)
  * 5865.0 MHz [173] (disabled)
  * 5885.0 MHz [177] (disabled)
```

Error reported from wpa_supplicant
```console
Fri Jun 21 14:07:22 2024 daemon.err wpa_supplicant[2866]: Line 10: invalid number "5320.0"
Fri Jun 21 14:07:22 2024 daemon.err wpa_supplicant[2866]: Line 10: failed to parse frequency '5320.0'.
Fri Jun 21 14:07:22 2024 daemon.err wpa_supplicant[2866]: Line 16: failed to parse network block.
Fri Jun 21 14:07:22 2024 daemon.err wpa_supplicant[2866]: Failed to read or parse configuration '/var/run/wpa_supplicant-phy1-mesh0.conf'.
```

This affects mesh, adhoc, and client-mode WDS.

Until hostapd/wpa_supplicant is updated (or patched) to support float
frequencies, ensure `get_freq` prints out an integer.

Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15770
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-06-22 11:34:46 +02:00
Felix Fietkau
4a3ed518b2 wifi-scripts: rewrite wifi detect code in ucode
Rely entirely on /etc/board.json instead of screen scraping iw cli output

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-06-21 11:52:26 +02:00
Felix Fietkau
31aa61503e wifi-scripts: add default channel to board.json in wifi-detect.uc
Preparation for avoiding iw calls in /lib/wifi/mac80211.sh

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-06-21 11:52:26 +02:00
Felix Fietkau
a6e1c5f01e iw: update to version 6.9
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-06-21 11:52:25 +02:00
Felix Fietkau
032d3fcf7a hostapd: use strdup on string passed to hostapd_add_iface
The data is modified within hostapd_add_iface

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-06-21 11:52:25 +02:00
Felix Fietkau
3984fb0582 hostapd: fix crash on interface setup failure
Add a missing NULL pointer check when deleting beacons

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-06-21 11:52:25 +02:00
Konstantin Demin
f3080677f5
xdp-tools: update to v1.4.2
- release notes:
  https://github.com/xdp-project/xdp-tools/releases/tag/v1.4.2
- patches rebased manually:
  - 010-configure-respect-LDFLAGS.patch

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15705
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-06-17 13:26:37 +02:00
Christian Marangi
9f6fc4f524
dropbear: don't install /usr/lib/opkg/info in package install
Don't install /usr/lib/opkg/info in package install as it doesn't make
sense and conflicts with APK installations.

Fixes: a377aa9ab5 ("add dropkey ssh keys and config files to the conffiles section (#2014)")
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-06-11 23:58:17 +02:00
Felix Fietkau
a3d1583317 Revert "hostapd: add support for authenticating with multiple PSKs via ubus helper"
This reverts commit c67d5189a4.
Revert until reported issues have been resolved

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-06-06 21:34:20 +02:00
Felix Fietkau
c67d5189a4 hostapd: add support for authenticating with multiple PSKs via ubus helper
Also supports assigning a VLAN ID based on the PSK

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-06-06 11:47:59 +02:00
Rosen Penev
2f4bb69664 packages: refresh patches
CI is supposed to catch all of these. Some of these predate CI.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2024-05-31 11:30:06 +02:00
Rui Salvaterra
2ae1330a22 iproute2: update to 6.9.0
Support for iptables action has been dropped. Remove tc-mod-iptables and related
patch (175-reduce-dynamic-syms.patch).

We also add the missing libbpf dependency for `ss` since iproute 8740ca9
("ss: add support for BPF socket-local storage") now means that `ss` requires
libbpf as well.

Fix 170-ip_tiny.patch, as the help text didn't match all the included functions.

Drop upstreamed patches 402-bpf-fix-warning-from-basename.patch
and 403-bpf-include-libgen.h-for-basename.patch.

All other patches automatically rebased.

Co-authored-by: Rany Hany <rany_hany@riseup.net>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Rany Hany <rany_hany@riseup.net>
2024-05-31 11:13:31 +02:00
Rany Hany
b2e0775bc6 iproute2: fix build on GCC 14
Upstream patches:

401-bridge-vlan.c-bridge-vlan.c-fix-build-with-gcc-14-on.patch
402-bpf-fix-warning-from-basename.patch
403-bpf-include-libgen.h-for-basename.patch

The patch (400-rdma-include-libgen.h-for-basename.patch) was not
submitted upstream but just adds a missing include for basename.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
2024-05-31 11:13:31 +02:00
Georgi Valkov
32e4c50d24 ebtables: fix compilation with GCC14
Remove 100-musl_fix.patch, which is no longer needed
and causes a build error with gcc-14.

Fixes:
useful_functions.c:63:41: error: passing argument 1 of 'ether_ntoa' from incompatible pointer type [-Wincompatible-pointer-types]
   63 |                 printf("%s", ether_ntoa((struct ether_addr *) mac));
      |                                         ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                         |
      |                                         struct ether_addr *
In file included from include/ebtables_u.h:28,
                 from useful_functions.c:25:
/Volumes/wrt3200/openwrt/staging_dir/toolchain-arm_cortex-a9+vfpv3-d16_gcc-14.1.0_musl_eabi/include/netinet/ether.h:10:19: note: expected 'const struct ether_addr *' but argument is of type 'struct ether_addr *'
   10 | char *ether_ntoa (const struct ether_addr *);
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15576
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-05-28 10:41:45 +02:00
Rany Hany
3e024022c3 linux-atm: fix build with GCC 14
Basic changes to make linux-atm build without any issues with GCC 14.

Besides some errors caused by -Wpointer-sign, there was also an issue
with socklen_t not being used for getsockopt() and accept()
sometimes.

I also updated the Debian patch to include the latest changes from
version "1:2.5.1-5.1" in Debian Sid. This allowed me to drop
"600-fix-format-errors.patch" and "700-include_sockios.patch".

Signed-off-by: Rany Hany <rany_hany@riseup.net>
2024-05-24 00:09:47 +02:00
Jo-Philipp Wich
61330ddef8 firewall4: update to Git HEAD (2024-05-21)
4c01d1ebf99e fw4: substitute double quotes in strings

Fixes: https://github.com/openwrt/luci/issues/7091
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-05-21 08:59:13 +02:00
Konstantin Demin
2cd414c33e dropbear: clarify DROPBEAR_MODERN_ONLY option
don't mention SHA1 in order to not confuse users - SHA1 support is already disabled (except RSA-SHA1 signagures).

ref: https://github.com/openwrt/openwrt/issues/15281

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-05-09 19:35:36 +02:00
Konstantin Demin
f230d00e64 dropbear: bump to 2024.85
- update dropbear to latest stable 2024.85;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop cherry-picked patches (merged in release 2024.84)
- refresh remaining patches

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-05-09 19:35:20 +02:00
Christian Marangi
21ddd1164d
odhcpd: update to Git HEAD (2024-05-08)
99dd990690bc treewide: refactor pref(erred) to preferred_lt (lifetime)
4c2b51eab368 treewide: refactor valid to valid_lt (lifetime)
3b4e06055900 router: inherit user-assigned preferred_lifetime
e164414aa184 router: limit prefix preferred_lt to valid_lt in accordance with RFC4861
a2176af7bdeb treewide: spell-fixes and new comments for extra clarification
4590efd3a2b3 treewide: normalize spaces to tabs
2edc60cb7c7a router: rename minvalid to lowest_found_lifetime
7ee72ee17bfa router: disambiguate and clarify 'no route' messages
a29882318a4c config: set RFC defaults for preferred lifetime

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-05-08 00:11:19 +02:00