This service automatically establishes connections to any hosts that are members
of the same unet network, and allows publish/subscribe exchanges via ubus channels.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This does not actually create a new private key. Instead, the salt is replaced,
and a xor key is generated which when merged with the key derived from the new
password transforms into the original private key.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Currently, logging level of the RADIUS server is a constant corresponding
to the highest verbosity (EXCESSIVE, ALL), but when running as a system
service, the output is discarded.
This commit makes logging verbosity configurable by `log_level` option
and redirects all logs to `logd`. Possible levels are defined in hostap
sources:
https://w1.fi/cgit/hostap/tree/src/utils/wpa_debug.h?id=012a893c469157d5734f6f33953497ea6e3b0169#n23
Their reference is inlined in `radius.config` file.
Default value for logging verbosity is INFO (even if the `-l` flag isn't
specified).
Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
Link: https://github.com/openwrt/openwrt/pull/18089
Signed-off-by: Robert Marko <robimarko@gmail.com>
Even though IPv6 support for hostapd RADIUS server is implemented
(flag `-6`), it's not possible to enable it from configuration.
This commit adds this option and adapts init script.
Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
Link: https://github.com/openwrt/openwrt/pull/18089
Signed-off-by: Robert Marko <robimarko@gmail.com>
d8b43985e4d7 ubus: fix token_create policy
7326459bd743 ubus: dump service information on network_get
6c9c8fbd8128 service: add @all as alias for all members, unless defined differently
Signed-off-by: Felix Fietkau <nbd@nbd.name>
`ucv_array_set` releases the array's reference to the object being cleared.
If this is the last reference to the object, it will be freed, making our
pointer `val` invalid.
To avoid this, we need to obtain our own reference to the object so we
can safely return `val`.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Since `wpa_ucode_registry_add` collects its own reference to the values added, the
two functions `hostapd_ucode_bss_get_uval` and `hostapd_ucode_iface_get_uval` would
sometimes return a referenced object (from `uc_resource_new`) and sometimes return
an unreferenced object (from `wpa_ucode_registry_get`). Now, both functions always
return a referenced object.
This change also indirectly fixes `hostapd_ucode_bss_get_uval`, ensuring it now
always returns a referenced object.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Remove extra ucv_get calls when passing a referenced value to an object
without using it further.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a common reference counting bug typically along the lines of:
```
uc_value_push(ucv_get(ucv_string_new(...)));
```
This would leave our new string with a reference count of 2, one from
the construction of the string, the other from `ucv_get`. This would
prevent the strings from being correctly cleaned up when it goes out
of scope.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
75a236be122a service: add missing null pointer check
f5341f327539 ubus: add api for generating and validating security tokens
3fab99eab4d5 add udebug support
28d86bd30e97 pex: only respond to update requests when we have network data
8e6f37cc361e pex-msg: ignore no-data responses if version is zero
12e6cf7f63e1 pex: create pex host from update responses
edc8fdae463a ubus: show the local addresses in network status
Signed-off-by: Felix Fietkau <nbd@nbd.name>
ethtool since version 6.9 introduced support for getting/setting RSS
input transformation supported in Linux since version 6.8.
The now changed kernel ioctl ABI, however, cannot be detected from
userland, and ethtool since version 6.9 simply assumes that a previously
reserved field is now used to set the input transformation.
Unfortunately the default value RXH_XFRM_NO_CHANGE (0xff) used by ethtool
userland creates an incompatibility with older kernels which cannot be
resolved easily without introducing even more ABI breakage.
Work-around the issue and fix support for --set-rxfh and --set-rxfh-indir
ethtool userland tool commands by making the support for input_xfrm
conditional on compile time, and keep it disabled for Linux 6.6.
Fixes: 8c2dcd1518 ("ethtool: update to 6.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update iproute2 to 6.13.
Release notes:
https://lwn.net/ml/all/20250120194053.3744d96b@hermes.local/
Allows us to drop multiple upstreamed patches:
package/network/utils/iproute2/patches/013-endian.h.patch
package/network/utils/iproute2/patches/014-basename.patch
package/network/utils/iproute2/patches/015-limits.h.patch
package/network/utils/iproute2/patches/016-limits.h.patch
package/network/utils/iproute2/patches/017-linux-limits.patch
package/network/utils/iproute2/patches/018-linux-limits.patch
Link: https://github.com/openwrt/openwrt/pull/18067
Signed-off-by: Robert Marko <robimarko@gmail.com>
On exit, the app tries to do an orderly shutdown of the DSL connection
before it is stopped forcibly. Since the driver does 3 attempts with a
timeout of 2 seconds each, this might take about 6 seconds in the worst
case.
This is problematic on sysupgrade, because any process that doesn't exit
within 4 seconds is killed. This means that the DSL connection might not
be stopped at all before the actual system upgrade begins.
To avoid this, use the newly added option in the driver to not retry the
L3 request on failure.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250130102108.1606919-3-jan@3e8.eu/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
he_spr_psr_enabled is appended to hostapd.conf if it's enabled, but hostapd
doesn't support this config, it should be used as an internal flag to control
the he_spr_sr_control configuring.
Signed-off-by: Lix Zhou <xeontz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18025
Signed-off-by: John Crispin <john@phrozen.org>
On some devices, the rx/tx bitrate may not always be available
right away, or at all when in mesh mode at plink is blocked causing
the following:
```
Reference error: left-hand side expression is null
In assoclist(), file /usr/share/ucode/iwinfo.uc, line 321, byte 46:
called from function info (/usr/share/ucode/iwinfo.uc:427:33)
called from anonymous function (/usr/bin/iwinfo:108:25)
` bitrate_raw: station.sta_info.tx_bitrate.bitrate,`
Near here -----------------------------------------------^
Reference error: left-hand side expression is null
In assoclist(), file /usr/share/ucode/iwinfo.uc, line 314, byte 54:
called from function info (/usr/share/ucode/iwinfo.uc:427:33)
called from anonymous function (/usr/bin/iwinfo:108:25)
` bitrate: format_rate(station.sta_info.rx_bitrate.bitrate),`
Near here -------------------------------------------------------^
Reference error: left-hand side expression is null
In assoc_flags(), file /usr/share/ucode/iwinfo.uc, line 216, byte 12:
called from function assoclist (/usr/share/ucode/iwinfo.uc:323:51)
called from function info (/usr/share/ucode/iwinfo.uc:427:33)
called from anonymous function (/usr/bin/iwinfo:108:25)
` if (data[k])`
Near here -------^
```
This was seen on Linksys MX5300 in mesh mode (QCA9984).
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18027
Signed-off-by: John Crispin <john@phrozen.org>
* Add missing parentheses in the conditionals for VHT160/VHT160-80PLUS80
and VHT_MAX_MPDU capabilities. The missing parentheses caused the bitwise
AND to be evaluated after the equality comparison due to ECMA's operator
precedence, where `==` has higher precedence than `&`.
* Fix Max MPDU length detection by changing the comparison operators to
`>=` vs `>` otherwise the condition would never be met.
* Add missing default values:
- `true` value for `short_gi_80` (As it exists for `short_gi_20`, `short_gi_40`, `short_gi_160`)
- `7` for `vht_max_mpdu` (Without it the loop in MAX-MPDU-* calculation always compares with null)
* Change the `vht160` condition to `config.vht160 <= 2`. This flag is
`2` by default, and only ever set to `0` when `vht_oper_chwidth < 2`.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18013
Signed-off-by: John Crispin <john@phrozen.org>
Notation for RX-STBC VHT capabilities when specifying number of spatial
streams should be hyphenated, e.g. RX-STBC-1, RX-STBC-2. HT capabilities
use without hyphen, e.g. RX-STBC1, RX-STBC2. This is consistent with
what hostapd expects.
```c
static int hostapd_config_ht_capab(struct hostapd_config *conf,
const char *capab)
{
if (os_strstr(capab, "[RX-STBC1]")) {
conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
conf->ht_capab |= HT_CAP_INFO_RX_STBC_1;
}
if (os_strstr(capab, "[RX-STBC12]")) {
conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
conf->ht_capab |= HT_CAP_INFO_RX_STBC_12;
}
if (os_strstr(capab, "[RX-STBC123]")) {
conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
conf->ht_capab |= HT_CAP_INFO_RX_STBC_123;
}
}
static int hostapd_config_vht_capab(struct hostapd_config *conf,
const char *capab)
{
if (os_strstr(capab, "[RX-STBC-1]"))
conf->vht_capab |= VHT_CAP_RXSTBC_1;
if (os_strstr(capab, "[RX-STBC-12]"))
conf->vht_capab |= VHT_CAP_RXSTBC_2;
if (os_strstr(capab, "[RX-STBC-123]"))
conf->vht_capab |= VHT_CAP_RXSTBC_3;
if (os_strstr(capab, "[RX-STBC-1234]"))
}
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18013
Signed-off-by: John Crispin <john@phrozen.org>
When selecting channels above 100 in VHT160+ modes the center
frequency segment was incorrectly set to 50, causing the interface
to not come up.
Change logic to instead check if the channel is within ±28 channels
of the intended center, which matches the actual 160+ MHz channel
width specification for VHT160, HE160, and EHT160.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18013
Signed-off-by: John Crispin <john@phrozen.org>
This vastly simplifies creating and managing unet networks.
It also adds support for the unetd protocol for onboarding new nodes
over the network.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Depending on the config / circumstances, the get_psk call can be called
multiple times from differnt places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs
Fixes: b2a2c286170d ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The 00 address_mask needs to be inverted, otherwise the mac address
allocation will modify the last byte instead of the first one.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Unless another toolchain is present (or selected), build the bpf toolchain
whenever a package is selected that needs it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
9ff15f7ee3a0 devices: add device id for MediaTek MT7992E
94b3a3c1a6c4 devices: add device id for Qualcomm Atheros IPQ5018
9cec6b4dd2df devices: add device id for Qualcomm Atheros QCN6122
Link: https://github.com/openwrt/openwrt/pull/17878
Signed-off-by: Robert Marko <robimarko@gmail.com>
322500403615 service: add default group @ to match all nodes
5f7860306200 ubus: rename unetd_ubus_notify to unetd_ubus_network_notify
d13752814651 enroll: add PEX sub-protocol to support enrolling new nodes into a network
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Version 6.11 - October 8, 2024
* Feature: cmis: print active and inactive firmware versions
* Feature: flash transceiver module firmware (--flash-module-firmware)
* Feature: add T1BRR 10Mb/s mode to link mode tables
* Feature: support for disabling netlink from command line
* Fix: fix lanes parameter format specifier
* Fix: add missing clause 33 PSE manual description
* Fix: qsf: Better handling of Page A2h netlink read failure
* Fix: rss: retrieve ring count using ETHTOOL_GRXRINGS ioctl (-x)
* Misc: man page formatting fix
* changelog here: https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/NEWS?id=c0ea4b70c71334ef038f7a3416b228a50dada406
Tested on gl.inet MT6000, retrieve ring count is now working
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17607
Signed-off-by: Robert Marko <robimarko@gmail.com>
Some platforms a single ethernet device for all ports with multiple rx rings
and NAPI threading enabled. In this case, the steering script was limiting
performance by keeping all NAPI threads assigned to the same CPU.
Fix this by assigning each rx queue and the corresponding NAPI task separately.
Additionally, if the number of rx queues is at least as big as the number of
CPUs, skip weight based assignment and distribute the load across all CPUs
directly.
Fixes: https://github.com/openwrt/openwrt/issues/17611
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The lldp_class and lldp_location config option are only valid when
compiled with LLDP-MED support. If not they will cause lldpd not to
start.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17571
Signed-off-by: Robert Marko <robimarko@gmail.com>
