480551a3adc4 interface: add support for disabling renew on topology change
b7b294266781 device: add more debugging code
595094f5c213 device: do not pull device present state from hotplug events
4e11e52e9b98 main: add messages to udebug regardless of their log level
091d063f4a9d wireless: handle link updates even if devices are present already
a8e90853c936 interface: improve hotplug handling reliability
cdb41673ceea device: remove redundant newlines from debug messages
cd2a7964f2c0 device: revert to explicit device_set_present calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Try to do a clean disconnection via L3 request before the connection is
stopped.
Because this might take up to 6 seconds (the driver does 3 attempts with
a timeout of 2 seconds each), a termination timeout needs to be defined
in the init script.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Move the code for disconnection on exit to a separate function, and also
call it in the code paths for SIGINT and the "quit" CLI command.
While at it, make the patch description a bit clearer.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Move the code for disconnection on exit to a separate function, and also
call it in the code path for the "quit" CLI command.
While at it, make the patch description a bit clearer.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Use the correct return value in error message.
Fixes: 6e4c9738be ("ltq-vdsl-vr11-app: add version 4.23.1 for vr11 targets")
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Use the correct return value in error message.
Fixes: 1daaef31b3 ("ltq-vdsl-app: disconnect when service is stopped")
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
This patch fixes the list delimiter between 3GPP networks
passed to hostapd.
> list iw_anqp_3gpp_cell_net '262,001'
> list iw_anqp_3gpp_cell_net '262,002'
When passing a list of "iw_anqp_3gpp_cell_net" parameters via UCI,
hostapd would crash at startup:
> daemon.err hostapd: Line 73: Invalid anqp_3gpp_cell_net: 262,001:262,002
Using a semicolon as a delimiter, hostapd will start as expected.
Signed-off-by: Sarah Maedel <git@tbspace.de>
68c8a4f system-linux: re-apply ethtool on phy attachment
890929b wireless: add support for defining wifi interfaces via procd service data
b57e40b wireless: use blobmsg_parse_attr
7a6532f proto-shell: add proto property for skipping device config
33ec3da CMake: bump the minimum required CMake version to 3.5
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes the following error:
Syntax error: Unable to resolve path for module 'uci'
In line 3, byte 27:
`import * as uci from 'uci';`
Near here ----------------^
Fixes: 4a3ed518b2 ("wifi-scripts: rewrite wifi detect code in ucode")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The new script uses a different strategy compared to the previous one.
Instead of trying to split flows by hash and spread them to all CPUs,
use RPS to redirect packets to a single core only.
Try to spread NAPI thread and RPS target CPUs across available CPUs
and try to ensure that the NAPI thread is on a different CPU than the
RPS target. This significantly reduces cycles wasted on the scheduler.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When an IBBS interface is configured for IBSS legacy mode, wdev.htmode
is empty. This is empty string results in an empty positional argument
to the "ibbs join" command, for example:
iw dev phy0-ibss0 ibss join crymesh 2412 '' fixed-freq beacon-interval 100
This empty argument is interpreted as an invalid HT mode by 'iw',
causing the entire command to fail and print a "usage" message:
daemon.notice netifd: radio0 (4527): Usage: iw [options] \
dev <devname> ibss join <SSID> <freq in MHz> ...
Although nobody will ever need more than 640K of IBSS, explicitly use
"NOHT" if an HT mode is not given. This fixes the problem.
Fixes: e56c5f7b27 ("hostapd: add ucode support, use ucode for the main ubus object")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [extend to cover more cases]
When using zst instead of xz, the hash changes. This commit fixes the
hash for packages and tools in core.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Without this configuration it is not possible to run the radio using HE160 on channels 149-177.
Fixes: #14906
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Different from OPKG, APK uses a deterministic version schema which chips
the version into chunks and compares them individually. This enforces a
certain schema which was previously entirely flexible.
- Releases are added at the very and end prefixed with an `r` like
`1.2.3-r3`.
- Hashes are prefixed with a `~` like `1.2.3~abc123`.
- Dates become semantic versions, like `2024.04.01`
- Extra tags are possible like `_git`, `_alpha` and more.
For full details see the APK test list:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/test/version.data
Signed-off-by: Paul Spooren <mail@aparcar.org>
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.
Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Useful for UI and config generators. Will be used as intermediate
step for generating the default wifi configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
730b4656e6b1 netifd: fix undefined va_list value which can cause crashes
c59457f69709 device: Log error message if device initialization failed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
8f2806a37fe1 system-linux: set master early on apply settings
e3fc2b0026a5 system-linux: skip refreshing MAC on master change if custom MAC
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state
Signed-off-by: Felix Fietkau <nbd@nbd.name>
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
4101dd4 fw4: perform strict validation of zone and set names
a923c88 fw4: pass zone to templates whenever possible
597dc90 fw4: add support for zone log_limit
1874050 fw4: add log_limit to rules and redirects
19a8caf ruleset: dispatch ct states using verdict map
a5553da ruleset: reduce ksoftirqd load by refering to looopback by numeric id
de3483c tests: adjust zone log limit testcases
7392792 ruleset: do not emit redundant drop invalid rules
698a533 ruleset: apply egress MSS fixup later to apply final MTU before wire
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a function 'ipcalc' to /lib/functions.sh that sets variables more
safely using export.
With this new function, dnsmasq also handles the return value of ipcalc
correctly.
Fixes: e4bd3de1be ("dnsmasq: refuse to add empty DHCP range")
Co-Authored-By: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
f429bd94f99e system-linux: switch to new ETHTOOL_xLINKSETTINGS API
Fixes AN announcement for speeds beyond 1 GBit/s.
Adds new UCI options for Ethernet devices:
- autoneg: switch on or off auto-negotiation
- pause: if set to 0, do not announce symmetric flow control capability
- asym_pause: if set to 0, do not announce asymmetric flow control
capability.
- rxpause: if set overrides AN and forces RX pause accordingly
- txpause: if set overrides AN and forces TX pause accordingly
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support
Support the following values for the different WPA3 Enterprise modes:
- wpa3-mixed: WPA3 Enterprise transitional mode
This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
This uses only GCMP-256 ciphers
Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
8c2758b4fbbb wireless: add support for replacing data blobs at runtime
0ff22a6a68ce wireless: enable dynamic reconfiguration by default
Signed-off-by: Felix Fietkau <nbd@nbd.name>
493e1589bc8b bridge: fix coverity false positive report
03a619947717 bridge: add support for configuring extra vlans for the bridge itself
4bea6d21a9ab wireless: fix changing reconf/serialize options in configuration
255b4d5c472e wireless: fix handling config reload with reconf=1
1ab992a74b43 wireless: fix another reconf issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
1571e18e4a69 bridge: add support for configuring extra tagged vlans on member devices
b719f189f243 bridge: make hotplug-added vlans default to tagged
edf3aced9f9a bridge: add support for adding vlan ranges via hotplug
Signed-off-by: Felix Fietkau <nbd@nbd.name>
077e05f2b129 vlan/vlandev: pass through extra vlan information passed via hotplug
40fad91eb5be wireless: add network_vlan config attribute
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The cli is a one-time run, and memory leaks would have been irrelevant. But people call libsw with cli programs as samples.
Doing a good job of memory management calls means that people who call libsw are not so easy to make mistakes.
Signed-off-by: nichel Chen <nichelnich@gmail.com>
Contains following changes:
* bridge: bridge_dump_info: add dumping of bridge attributes
* bridge: make it more clear why the config was applied
* cmake: fix build by reordering the cflags definitions
* treewide: fix multiple compiler warnings
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Based on Paul Fertser <fercerpav@gmail.com>'s guidance:
Change AUTORELEASE in rules.mk to:
```
AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
```
then update all affected packages by:
```
for i in $(git grep -l PKG_RELEASE:=.*AUTORELEASE | sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
make package/$i/clean
done
```
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This reduces open coding and allows to easily add a knob to enable
it treewide, where chosen packages can still opt-out via "no-lto".
Some packages used LTO, but not the linker plugin. This unifies 'em
all to attempt to produce better code.
Quoting man gcc(1):
"This improves the quality of optimization by exposing more code to the
link-time optimizer."
Also use -flto=auto instead of -flto=jobserver, as it's not guaranteed
that every buildsystem uses +$(MAKE) correctly.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This reduces open coding and allows to easily add a knob to
enable it treewide, where chosen packages can still opt-out via
"no-gc-sections".
Note: libnl, mbedtls and opkg only used the CFLAGS part without the
LDFLAGS counterpart. That doesn't help at all if the goal is to produce
smaller binaries. I consider that an accident, and this fixes it.
Note: there are also packages using only the LDFLAGS part. I didn't
touch those, as gc might have been disabled via CFLAGS intentionally.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This uses version 4.23.1 of the dsl_cpe_control package from the Intel
UGW 8.5.2.10 for the VRX518.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[rebased]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 4.23.1, added Jan's vector mac patch, fix warnings,
switch to tag tarball]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[add missing nLine in autoboot script, fix disconnect on termination,
remove unneeded VR9 leftovers in init script]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
2cffe0c44e62 treewide: correctly apply IFNAMSIZ limit
96bcbb2e4eb6 wireless: allow set_retry ubus notify command to trigger a wdev restart
a2e8cd75dbf6 wireless: add support for disabling multicast-to-unicast per virtual interface
e9f44189ade7 system: move netdev types to system-linux.c where they are used
a3fab0119ef1 utils: include utils.h last
7ce73fc16765 vlandev: propagate topology changes
81c1fbcba2f2 device: fix vlan device issues with disappearing lower devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
700a925 fw4: prevent null access when no ipsets are defined
6443ec7 config: drop input traffic by default
119ee1a ruleset: drop ctstate invalid traffic for masq-enabled zones
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is necessary with firewall4 to avoid a hard-to-diagnose race
condition during boot, causing DNAT rules not to be taken into account
correctly.
The root cause is that, during boot, the ruleset is mostly empty, and
interface-related rules (including DNAT rules) are added incrementally.
If a packet hits the input chain before the DNAT rules are setup, it can
create buggy conntrack entries that will persist indefinitely.
This new default should be safe because firewall4 explicitly accepts
authorized traffic and rejects the rest. Thus, in normal operations, the
default policy is not used.
Fixes: #10749
Ref: https://github.com/openwrt/openwrt/issues/10749
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Adding a new method to `ubus call dsl` to retrieve DSL statistics
used to feed the DSL charts (bit allocation, SNR, QLN and HLOG)
Signed-off-by: Roland Barenbrug <roland@treslong.com>
[fix pointer error, clean up]
Signed-off-by: Andre Heider <a.heider@gmail.com>
DSL_G997_LineStatusData_t defines special invalid values, skip these
metrics.
Signed-off-by: Roland Barenbrug <roland@treslong.com>
[split patch]
Signed-off-by: Andre Heider <a.heider@gmail.com>
4fbf6d7 ruleset.uc: log forwarded traffic not matched by zone policies
c7201a3 main.uc: reintroduce set reload restriction
756f1e2 ruleset: fix emitting set_mark/set_xmark rules with masks
3db4741 ruleset: properly handle zone names starting with a digit
43d8ef5 fw4: fix formatting of default log prefix
592ba45 main.uc: remove uneeded/wrong set reload restrictions
b0a6bff tests: fix testcases
145e159 fw4: recognize `option log` and `option counter` in `config nat` sections
ce050a8 fw4: fall back to device if l3_device is not available in ifstatus
Fixes: #10639, #10965
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This matches the scheme used by other target packages and will avoid
confusion with any future version.
Signed-off-by: Andre Heider <a.heider@gmail.com>
f5fcdcf cli: introduce test mode and refuse firewall restart on errors
a540f6d fw4: fix cosmetic issue with per-ruleset and per-table include paths
695e821 doc: fix swapped include positions in nftables.d README
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
a4484d4 fw4: support automatic includes
ca7e3a1 fw4: honour enabled option of include sections
5a02f74 tests: add missing fs.stat) mock data for `nf_conntrack_dummy`
111a7f7 fw4: don't inherit zone family from ct helpers
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The nft NAT packages for IPv4 and IPv6 were merged into the common
packages with kernel 5.1. The kmod-nft-nat6 package was empty in our
build, remove it.
Multiple kernel configuration options were also removed, remove them
from our generic kernel configuration too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The re-transmit counters can overflow the 32 bit representation resulting
in negative values being displayed. Background being that the numbers are
treated at some point as signed INT rather than unsigned INT.
Change the counters from 32 bit to 64 bit, should provide sufficient room
to avoid any overflow. Not the nicest solution but it works
Fixes: #10077
Signed-off-by: Roland Barenbrug <roland@treslong.com>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
the hash and timestamp of the remote copy of the archive
has changed since last bump
meaning the remote archive copy was recreated
Signed-off-by: Michael Pratt <mcpratt@pm.me>
11f5c7b fw4.uc: fix zone helper assignment
b9d35ff fw4.uc: don't skip zone for unavailable helper
e35e26b tests: add test for zone helpers
a063317 ruleset: fix conntrack helpers
e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps
11410b8 ruleset: reorder declarations & output tweaks
880dd31 fw4: fix skipping invalid IPv6 ipset entries
5994466 fw4: simplify `is_loopback_dev()`
53886e5 fw4: fix crash in parse_cthelper() if no helpers are present
11256ff fw4: add support for configurable includes
3b5a033 tests: add test coverage for firewall includes
d79911c fw4: support sets with timeout capability but without default expiry
15c3831 fw4: add support for `option log` in rule and redirect sections
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Before this change UCI sections of both types were parsed in order as
specified in UCI. That didn't work well with all drivers (e.g. b53).
It seems that VLAN setup can reset / overwrite previously set ports
parameters. It resulted in "switch_port" options defined above
"switch_vlan"s being silently ignored.
Ideally swconfig & all drivers should be improved to handle that
properly but it'd be a waste of time at this point as DSA replaces
swconfig. Use this minor parsing change as a quick fix.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2e1fcf4 netifd: fix hwmode for 60g band
39ef9fe interface-ip: fix memory corruption bug when using jail network namespaces
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
