The DropBear's dropbearkey supports limited set of arguments of
OpenSSH ssh-keygen: -t, -q -N -Y
After the change you can generate a key with the same command.
Still many features of the original OpenSSH ssh-keygen are absent in
the dropbearkey.
If it's needed then users should install openssh-keygen package that
will replace the /usr/bin/ssh-keygen with the full version.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14174
[ wrap commit description to 80 columns ]
Link: https://github.com/openwrt/openwrt/pull/14174
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
To enable verbose log for xdp-tools compilation, we check for "c" in
the OPENWRT_VERBOSE, but verbose.mk supports only "w" and "s" for V=1
and V=99.
Fix the wrong matching and correctly enable verbose output matching for
"s".
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently it's needed to have gcc-multilib on the host to correctly
compile xdp-tools. This is wrong and means that we are using host header
to compile a tool.
By some searching in how the makefile works it was discovered that
BPF_CFLAGS were not used and required to be appended to config.mk
Only one single header was added but we should include each BPF_CFLAGS
from bpf.mk. To make this some patching to bpf-header were required and
some patches to xdp-tools were required.
Also it's needed to pass the correct target to BPF_CFLAGS.
With the following changes xdp-tools can correctly compile with each
header from bpf-headers and should not use any host header.
Co-Developed-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/11825
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
With "ebfe8b4 CMakeLists: set no-dangling-pointer" the compilation
option is set in uqmi, and can therefore be removed from no-error.
Signed-off-by: Jean Thomas <jean.thomas@wifirst.fr>
e7207be uqmi: print radio interfaces in serving system command
6ef41d6 uqmi: create function to print radio interface string
e25d042 uqmi: Add basic 5G NR support
3e782be uqmi: sync data from libqmi project
368d46c uqmi: support C reserved keywords in upstream JSON files
02e42c0 reorganize source code in common and uqmi specific parts
4591f0a .gitignore build/ directories
2b57ee1 uqmi: commands-uim: fix uninitialized use of card_application_state
7c77e77 data/code-gen: add support for indications
ddbf864 qmi-struct.h: add missing includes
5320c1d move qmi_get_error_str to into utils.c
1503bc7 dev.c: add missing import strings.h
bae945f commands-nas: add missing includes
9ffd0e2 commands: make `struct blob_buf status` public
a4fbdcc commands-nas: fix gcc warning
8ff632a dev.c: add comment to qmi_request_wait()
a043a74 CMakeLists: refactor SOURCES variable to allow later adding uqmid
ebfe8b4 CMakeLists: set no-dangling-pointer
c47125d CMakeLists: improve generated files
0f64b69 CMakeLists: update cmake minimum version to 3.5
As the built uqmi binary is now moved to a dedicated directory,
update the Makefile accordingly.
Signed-off-by: Jean Thomas <jean.thomas@wifirst.fr>
Because these capability advertisements default to on in lldpd, they
became absent at reload, and not restart, due to how the reload logic
works ( keep daemon running, send unconfigured and then the new config
via socket ), and it was not evident unless you happened to be looking
for it (e.g. via pcap or tcpdump). It was also not evident from the
manpage ( have now sent patches upstream ).
At reload time, the unconfigure logic disabled them unless they were
explicitly enabled (compare with other settings where 'unconfigure' just
resets them). Now they default to on/enabled at init time, and are
explicitly 'unconfigure'd at startup if the user disables them via:
lldp_mgmt_addr_advertisements=0
lldp_capability_advertisements=0
In other words: explicit is necessary to disable the advertisements.
The same applies to 'configure system capabilities enabled'. Technically
'unconfigure'd is the default but now it is explicit at reload.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
ec8c620fd5f4 split bridge-local disable into rx and tx
40b1c5b6be4e flow: do not attempt to offload bridge-local flows
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For interface type parameters, the man page documents patterns:
```
*,!eth*,!!eth1
uses all interfaces, except interfaces starting with "eth",
but including "eth1".
```
* Renamed `_ifname` to `_l2dev`.
* get the l2dev via network_get_physdev (and not l3dev)
* Glob pattern `*` is also valid - use noglob for this
The net result is that now interface 'names' including globs '*' and '!'
inversions are included in the generated lldpd configs.
Temporarily `set -o noglob` and then `set +o noglob` to disable & enable
globbing respectively, because when we pass `*` as an interface choice,
other file and pathnames get sucked in from where the init script runs,
and the `*` never makes it to lldpd.
Tested extensively on: 22.03.6, 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
[ squash with commit bumping release version ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
3159bbe0a2eb improve isolation when selecting a fixed output port
c77a7a1ff74d nl: fix getting flow offload stats
a08e51e679dd add support for disabling bridge-local flows via config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The new script uses a different strategy compared to the previous one.
Instead of trying to split flows by hash and spread them to all CPUs,
use RPS to redirect packets to a single core only.
Try to spread NAPI thread and RPS target CPUs across available CPUs
and try to ensure that the NAPI thread is on a different CPU than the
RPS target. This significantly reduces cycles wasted on the scheduler.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Update to the latest upstream release to include recent improvements and
bugfixes. Update copyright, fix typo in PKG_NAME, and remove unneeded use
of MAKE_VARS definition in Makefile. Drop 001-cflags.patch and simplify
002-includes.patch after refreshing. Also simplify LTO/DCE build flags.
Link: https://github.com/libbpf/bpftool/releases/tag/v7.4.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
only available from >= 1.0.15
Comments are useful. Apparently this config parameter was committed when
openwrt used an older version of lldpd which did not yet support it.
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
With the switch to ZSTD for git clone packaging, hashes have changed so
fixup remaining package hashes that were missed in the inital update.
Fixes: b3c1c57 ("treewide: update PKG_MIRROR_HASH to zst")
Signed-off-by: Robert Marko <robimarko@gmail.com>
When an IBBS interface is configured for IBSS legacy mode, wdev.htmode
is empty. This is empty string results in an empty positional argument
to the "ibbs join" command, for example:
iw dev phy0-ibss0 ibss join crymesh 2412 '' fixed-freq beacon-interval 100
This empty argument is interpreted as an invalid HT mode by 'iw',
causing the entire command to fail and print a "usage" message:
daemon.notice netifd: radio0 (4527): Usage: iw [options] \
dev <devname> ibss join <SSID> <freq in MHz> ...
Although nobody will ever need more than 640K of IBSS, explicitly use
"NOHT" if an HT mode is not given. This fixes the problem.
Fixes: e56c5f7b27 ("hostapd: add ucode support, use ucode for the main ubus object")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [extend to cover more cases]
When using zst instead of xz, the hash changes. This commit fixes the
hash for packages and tools in core.
Signed-off-by: Paul Spooren <mail@aparcar.org>
hostapd packages were accidentally left out. Clean up this mess by
changing the dependencies to hostapd-common
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- move build/ifdef related changes together to the 200 patch range
- reduce adding/removing include statements across patches
- move patches away from the 99x patch range to simplify maintenance
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This adds From:, Date: and Subject: to patches, allowing one to run 'git
am' to import the patches to a hostapd git repository.
From: and Date: fields were taken from the OpenWrt commit where the
patches were first introduced.
Most of the Subject: also followed suit, except for:
- 300-noscan.patch: Took the description from the LuCI web interface
- 350-nl80211_del_beacon_bss.patch: Used the file name
The order of the files in the patch was changed to match what git
format-patch does.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Patch 050-build_fix.patch fixes the abscence of sha384-kdf.o from the
list of needed objetct files when FILS is selected without any other
option that will select the .o file.
While it is a bug waiting to be fixes upstream, it is not needed for
OpenWrt use case, because OWE already selects sha384-kdf.o, and FILS is
selected along with OWE.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This brings many changes, including fixes for a couple of memory leaks,
and improved interoperability with 802.11r. There are also many changes
related to 802.11be, which is not enabled at this time.
Fixed upstream:
- 022-hostapd-fix-use-of-uninitialized-stack-variables.patch
- 180-driver_nl80211-fix-setting-QoS-map-on-secondary-BSSs.patch
- 993-2023-10-28-ACS-Fix-typo-in-bw_40-frequency-array.patch
Switch PKG_SOURCE_URL to https, since http is not currently working.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Ilya Katsnelson <me@0upti.me>
Tested by: Andrew Sim <andrewsimz@gmail.com>
Our CI on GitHub as well as my local machine generates a different
PKG_MIRROR_HASH from what Felix uploaded the other day.
After receiving Felix file, both have indeed different hashes, however
when unpackaged via `xz -d` both have the same tarball content.
Below the checksums to compare:
a62bef497078c7b825f11fc8358c1a43f5db3e6d4b97812044f7653d60747d5b dl/unetd-2024.03.31~80645766.tar.xz
fbdac59581742bf208c18995b1d69d9848c93bfce487e57ba780d959e0d62fc4 dl/unetd-2024.03.31~80645766_felix.tar.xz
After unpacking:
a7189cae90bc600abf3a3bff3620dc17a9143be8c27d27412de6eb66a1cf1b7d dl/unetd-2024.03.31~80645766.tar
a7189cae90bc600abf3a3bff3620dc17a9143be8c27d27412de6eb66a1cf1b7d dl/unetd-2024.03.31~80645766_felix.tar
The tarball with the wrong hash was accidentally generated without the xz
revert to version 5.4.6
Signed-off-by: Paul Spooren <mail@aparcar.org>
52144f723bec pex: after receiving data update req, notify peer of local address/port
29aacb9386e0 pex: track indirect hosts (reachable via gateway) as peers without adding them to wg
48049524d4fc pex: do not send peer notifications for hosts with a gateway
12ac684ee22a pex: do not query for hosts with a gateway
203c88857354 pex: fix endian issues on config transfer
a29d45c71bca network: fix endian issue in converting port to network id
cbbe9d337a17 unet-cli: emit id by default
806457664ab6 unet-cli: strip initial newline in usage message
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Currently, both CI and local builds of wpa-supplicant will fail with:
/bin/sh: Argument list too long
Its happening as the argument list for mkdir in build.rules is too large
and over the MAX_ARG_STRLEN limit.
It seems that recent introduction of APK compatible version schema has
increased the argument size and thus pushed it over the limit uncovering
the issue.
Fixes: e8725a932e ("treewide: use APK compatible version schema")
Signed-off-by: Robert Marko <robimarko@gmail.com>
3aa2b6b devices: add device id for MediaTek MT7601U
79a9615 devices: add device id for Realtek RTL8188CU and RTL8188FTV
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Without this configuration it is not possible to run the radio using HE160 on channels 149-177.
Fixes: #14906
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Different from OPKG, APK uses a deterministic version schema which chips
the version into chunks and compares them individually. This enforces a
certain schema which was previously entirely flexible.
- Releases are added at the very and end prefixed with an `r` like
`1.2.3-r3`.
- Hashes are prefixed with a `~` like `1.2.3~abc123`.
- Dates become semantic versions, like `2024.04.01`
- Extra tags are possible like `_git`, `_alpha` and more.
For full details see the APK test list:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/test/version.data
Signed-off-by: Paul Spooren <mail@aparcar.org>
PKG_MIRROR_HASH was accidentally generated with already APK-adapted
version string in the filename. That can't work (yet). Regenerate and
hash the file with the currently used version scheme to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
e91ed40 ubus: assume that the service iface can be NULL
4094a3c interface: remove unused peer field
8a0c9db interface: add missing cache cleanup on interface free
3b341f4 add the ability to announce additional hostnames
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make sure /etc/umdns/ is accessiable for the umdns process if it
exists and umdns is run with umdns.@umdns[0].jail='1'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.
Fixes: 838a27f64f ("dnsmasq: version 2.90")
Signed-off-by: Robert Marko <robimarko@gmail.com>
For certain lldp_class scenarios (2 & 3) a policy must be set also.
Class 4 is default, although it's good to handle the policy eventuality.
Here, set a default lldp_policy for all lldp_class scenarios. Any
lldp_policy can now be set.
Depends on PR #14584 (which introduced an `if` block)
Tested on 22.03.5, 22.03.6
Signed-off-by: Paul Donald <newtwen@gmail.com>
Previously only partially implemented. After commit
5007f488bb lldp_location was never removed
Now, add the value of lldp_location to the generated config.
The location param has a few syntaxes, so the config acquires the first
usage from the man page: 'address country EU'
Supplementary fix for PR #14193 (this param was included in the original
PR #13018 but the lldp_location fixes were absent from PR #14193).
Tested on 22.03.5, 22.03.6
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit 3ce909914a
The lldpd man page says that "configure lldp tx-interval" can
specify an interval value in milliseconds by appending a "ms" suffix to
the figure. Thus mandating string handling, and not integer comparison.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit 909f063066
Now pass two params to get_config_cid_ifaces() for:
cid_interface
interface
Each of which is a CSV of interfaces.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit ac771313eb
portidsubtype takes 1 of 2 possible keywords which do not need quoting:
configure lldp portidsubtype ifname | macaddress
The third keyword 'local' is used in the syntax when individual ports
are being defined:
configure [ports ethX [,…]] lldp portidsubtype local value
When this syntax is used, quoting is useful (see test cases for lldpd).
In the init file, the 'local' syntax is unused.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit c98ee4dbb3
agent-type takes 1 of 3 possible keywords which do not require quoting:
configure lldp agent-type nearest-bridge | nearest-non-tpmr-bridge
| nearest-customer-bridge
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).
Catch up our 200-ubus_dns.patch, too.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In some situations (slow protocol or interfaces with auto 0), the
interfaces are not available during the dnsmasq initialization and
hence, the ignore setting will be skipped.
Install an interface trigger for ignored interfaces in case their
ifname cannot be resolved.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.
Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- introduce 'DirectInterface' option to bind exactly to specified interface;
fixes#9666 and late IPv4/IPv6 address assignment
- option 'DirectInterface' takes precedence over 'Interface'
- improve interface/address handling,
e.g. verify count of listening endpoints due to dropbear limit (10 for now)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog
improves f95eecfb
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.
schedule 'rsakeyfile' removal for next year release.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
these options allow one to configure U2F/FIDO support in more granular way
inspired by upstream commit aa6559db
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
reduces binary/package size and increases overall performance
also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]
It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]
1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
and DROPBEAR_DBCLIENT_AGENTFORWARD:
describe why and where it should be disabled
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
which is more likely to be than values with commas;
use $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
- allow DB_OPT_COMMON to have values with commas.
- allow to replace multiline definitions in sysoptions.h.
improves e1bd9645
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- update dropbear to latest stable 2022.83;
for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
- 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
- 901-bundled-libs-cflags.patch
- refresh remaining patches
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
Useful for UI and config generators. Will be used as intermediate
step for generating the default wifi configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Bump PKG_RELEASE which should have been done by commit 7b1c3068b7
("uhttpd: restart when interface to listen becomes available").
Fixes: 7b1c3068b7 ("uhttpd: restart when interface to listen becomes available")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Currently uhttpd won't start with a listening interface configured if
the interface isn't already up at the time uhttpd starts. Make sure we
attempt to start uhttpd when it comes up.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Adds MediaTek MT7916AN and Cypress CYW43455 (Raspberry Pi 5) devices.
a34977c devices: add device id for Cypress CYW43455
3eb34df devices: add device id for MediaTek MT7916AN
There are no ABI changes.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
When wpa_psk_file is used, there is a chance that no PSK is set. This means
that the FT key will be generated using only the mobility domain which
could be considered a security vulnerability but only for a very specific
and niche config.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
802.11r can not be used when selecting WPA. It needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
Use a single jsonfilter expression to yield the list of logical wireguard
interface names in shell compatible notation.
Supersedes: #12344
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
[Upstream Backport]
The range for the 5 GHz channel 118 was encoded with an incorrect
channel number.
Fixes: ed8e13decc71 (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan())
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Make the call deferred instead of blocking to avoid deadlock issues
Fixes: 3df9322771 ("hostapd: make ubus calls to wpa_supplicant asynchronous")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit b7f9742da8.
There are several reports of regressions with this commit. Will be added
back once I've figured out and fixed the cause
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a deadlock issue where depending on the setup order, hostapd and
wpa_supplicant could end up waiting for each other
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. Sometimes uqmi is hanging - even when using an early
dummy access to unlock the modem. To always guarantee a proper
initialisation, running or hanging uqmi processes must be stopped
before. All uqmi calls have now a timeout option -t to avoid hanging.
Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
Use postinst script to reload service instead of uci-defaults hack. It's
possible thanks to recent base-files change that executes postinst after
uci-defaults.
This fixes support for uhttpd customizations. It's possible (again) to
adjust uhttpd config with custom uci-defaults before it gets started.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: d25d281fd6 ("uhttpd: Reload config after uhttpd-mod-ubus was added")
Ref: b799dd3c70 ("base-files: execute package's "postinst" after executing uci-defaults")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Increasing the receive window size improves throughout on higher-latency
links such as WAN connections. The current default of 24KB caps out at
around 500 KB/s.
Increasing the receive buffer to 256KB increases the throughput to at
least 11 MB/s.
Signed-off-by: David Bauer <mail@david-bauer.net>
730b4656e6b1 netifd: fix undefined va_list value which can cause crashes
c59457f69709 device: Log error message if device initialization failed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Prior to this commit, "localuse" (which enables local resolving through
dnsmsasq) was off by "default". That default was in turn overridden when
"noresolv" was unset (which itself is the default for "noresolv") *and*
"resolvfile" was "/tmp/resolv.conf.d/resolv.conf.auto" (also the default
for this parameter).
In other words, the "default" unset value for "localuse" would only be
ever used in specific *non-default* configurations.
However, the problem with that logic is that a user who wants to ignore
their ISP-provided resolvers by setting "noresolv" to true ends up with
a device that will *only use* said resolvers for local DNS queries,
serving clients' queries via dnsmasq (which now ignores the ISP
resolvers). This can lead to confusion and break random setups as the
DNS lookup performed on clients behalf can differ in their replies from
DNS lookups performed locally on the router.
Furthermore, "localuse" is not configurable through Luci, contrary to
the other two involved settings, adding further confusion for the end
user.
To work around this situation, the logic that sets "localuse" is
inverted: "localuse" now defaults to on by default, and IFF "noresolv"
is unset (default) AND "resolvfile" is changed from default THEN
"localuse" gets turned back off, allowing for more sensible behaviour.
"localuse" value set in config/dhcp still overrides the logic in all
cases, as it did already.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
8f2806a37fe1 system-linux: set master early on apply settings
e3fc2b0026a5 system-linux: skip refreshing MAC on master change if custom MAC
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Update to the latest upstream release to include recent improvements and
bugfixes. Also refresh local patches.
Link: https://github.com/libbpf/bpftool/releases/tag/v7.3.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
If the dnsmasq process forks to handle TCP connections, it closes the ubus
context. But instead of changing the daemon wide pointer to NULL, only the
local variable was adjusted - and this portion of the code was even dropped
(dead store) by some optimizing compilers.
It makes more sense to change the daemon->ubus pointer because various
functions are already checking it for NULL. It is also the behavior which
ubus_destroy() implements.
Fixes: d8b33dad0b ("dnsmasq: add support for monitoring and modifying dns lookup results via ubus")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
This is not activated by default and must be explicitly enabled via ubus
It supports reporting log messages and netlink packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The new rewritten ipcalc.sh understands 3 notations:
ipaddr/prefix ...
ipaddr/dotted-netmask ...
ipaddr dotted-netmask ...
meaning that the previous 4th non-standard notation of "ipaddr prefix"
will be dropped, alas that's the notation that dnsmasq currently uses.
This change has us using the first notation which is the most common.
This behavior came in as
eda27e8382
a long time ago.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state
Signed-off-by: Felix Fietkau <nbd@nbd.name>
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.
This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.
Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
noscan option for mesh was broken and actually never applied.
This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
4101dd4 fw4: perform strict validation of zone and set names
a923c88 fw4: pass zone to templates whenever possible
597dc90 fw4: add support for zone log_limit
1874050 fw4: add log_limit to rules and redirects
19a8caf ruleset: dispatch ct states using verdict map
a5553da ruleset: reduce ksoftirqd load by refering to looopback by numeric id
de3483c tests: adjust zone log limit testcases
7392792 ruleset: do not emit redundant drop invalid rules
698a533 ruleset: apply egress MSS fixup later to apply final MTU before wire
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
It's already pulled in from /etc/rc.common.
Fixes: #13758
Fixes: 6b23836071 ("package: avoid the use of eval to parse ipcalc.sh output")
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.
The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.
Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
Bug-Debian: https://bugs.debian.org/1004524
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net]
Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The code for hostapd-mbedtls did not work when used for OWE association.
When handling association requests, the buffer offsets and length
assumptions were incorrect, leading to never calculating the y point,
thus denying association.
Also when crafting the association response, the buffer contained the
trailing key-type.
Fix up both issues to adhere to the specification and make
hostapd-mbedtls work with the OWE security type.
Signed-off-by: David Bauer <mail@david-bauer.net>
Configure the PLMN and APN to the modem. This is required in cases,
where either the SGSN or GGSN does not permit the selection of IPv4v6
pdp type.
Previously, the modem always tried to establish a dual-stacked PDP
context regardless of the configured PDP type in uci. As this setting
can not be parameterized when creating a WDS context, configure it to
the modems internal list of profiles. This way, the PDP type is taken
into account when creating the WDS context.
Signed-off-by: David Bauer <mail@david-bauer.net>
The PLMN selection was reset when calling network-register, thus
rendering the sepcific selection of a carrier unapplied.
Set the PLMN selection after executing network-register. This seems to
cause the modem to re-select the carrier eventually.
That being said, qmi does allow the parameterization of the
network-register to include dpecific PLMN settings, however this is
currently not implemented in uqmi.
Signed-off-by: David Bauer <mail@david-bauer.net>
Set the RAT preference before attaching. This handles cases better,
where a network might be available but not with the preferred RAT.
If RAT is changed to a non-available RAT after attach, QMI does not fail
with missing registration but with failing to establish a PDP session.
Signed-off-by: David Bauer <mail@david-bauer.net>
Increase the wait time before polling the connection state for the first
time.
Depending on the prior state of the modem, the first poll might still
return a connected state. The script then tries to establish a PDP
session, which subsequently fails as the modem by then is in scan state.
Increasing the wait-time to 3 seconds mitigates this from happening.
Signed-off-by: David Bauer <mail@david-bauer.net>
On some network-triggered disconnections the UIM state might end up in
"illegal". This prevents the modem from attaching to any network in
non-restricted service modes.
Detect this state and reset the SIM card. This way, the modem can attach
to networks again.
Signed-off-by: David Bauer <mail@david-bauer.net>
Failing the registration does not necessarily mean we can not bring this
interface up. For example, roaming SIM cards are possibly steered by the
home-operator.
Don't block restart of the QMI interface in this case.
Signed-off-by: David Bauer <mail@david-bauer.net>
This fixes building with USE_LTO enabled.
<artificial>:(.text+0xc22): relocation R_MIPS16_26 against `libxt_DNAT_init' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol printf
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
This fixes building with USE_LTO enabled.
<artificial>:(.text+0x400c): relocation R_MIPS16_26 against `iwinfo_close' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol strcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
d8118f6 config: make sure timer is not on the timeouts list before freeing
4bbc6e7 add hostsfile output in addition to statefile
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
c8c9f10 uim: fix help formatting
aac0776 uqmi: add APN profile commands
ffc5eea uim: support SIM card power-up/down
d6c963d uim: add application state to SIM status
Signed-off-by: David Bauer <mail@david-bauer.net>
The option 31 in the RA specifies the DNS search list, the support
to configure this via UCI is missing in case dnsmasq-dhcpv6 is used.
This commit uses the uci option domain (same as is done by odhcpd) to
read and pass the DNS search list to dnsmasq, which is then used by RA.
Hence, with this commit, we are able to configure DNS search list for the
RA messages via the uci config when dnsmsaq-dhcpv6 is used.
Signed-off-by: Rahul Thakur <rahul.thakur@iopsys.eu>
479c7f8676d9 cache: make record/hostname lookup case-insensitive
26c97a5a50bf ubus: add a browse flag for suppressing cached ip addresses
c286c51a9bd9 Fix AVL tree traversal in cache_record_find and cache_host_is_known
4035fe42df58 interface: use a global socket instead of per-interface ones
c63d465698c7 cache: dump hostname target from srv records
b42b22152d73 use hostname from SRV record to look up IP addresses
d45c443aa1e6 ubus: add array flag support for the hosts method
Signed-off-by: Felix Fietkau <nbd@nbd.name>
There are a few targets that mess with the atm kernel headers. To avoid
incompatibility between kernel and user space during compilation, the
correct headers should be used.
Consequently, the package must also be marked as nonshared.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem
Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.
Signed-off-by: Nick Hainke <vincent@systemli.org>
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
In the dnsmasq init script, an off-by-one in the range calculation of
ipcalc.sh was mitigated by passing the limit as if its counting started
at zero. This patch removes the mitigation as the off-by-one has been
fixed.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Add a function 'ipcalc' to /lib/functions.sh that sets variables more
safely using export.
With this new function, dnsmasq also handles the return value of ipcalc
correctly.
Fixes: e4bd3de1be ("dnsmasq: refuse to add empty DHCP range")
Co-Authored-By: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
allow to overwrite the detected system capabilities e.g. if devices
does not operate as bridge.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function
Fixes: e9722aef9e ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>