Add ubus interface to hostapd and wpa_supplicant to allow dynamically
reloading wiface configuration without having to restart the hostapd
process.
As a consequence, both hostapd and wpa_supplicant are now started
persistently on boot for each wifi device in the system and then
receive ubus calls adding, modifying or removing interface
configuration.
At a later stage it would be desirable to reduce the services to one
single instance managing all radios.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
7a723d0 wireless: add ubus method for reloading configuration
e15147c wireless: make reconf opt-in and allow serializing configuration
Set new option 'reconf' in 'wifi-device' section to enable dynamic
re-configuration on that radio.
If necessary, also set option 'serialize' which forced netifd to
configure interfaces of wireless devices one-by-one.
Both options are disabled by default.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Includes following changes:
9d9d4c284786 fix possible garbage in unitialized char* struct members
dbc1b1b71b24 fix possible copy of null buffer and validation of unitialized header
76d53deef8bb crc32: add missing stdint.h dependency
e5666ed3b47c add cram based unit tests
abe0cf7de053 add initial GitLab CI support
e43042507b4f iron out extra compiler warnings
5df0cd6e1523 convert into CMake project
a7dc0526f819 refactor into separate Git project
adds missing PKG_LICENSE field and converts the package build to utilize
CMake.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Instead of depending on kmod-usb2 make it depend on the normal USB
dependencies. This should hopefully fix some problems seen in the build
bot builds for powerpc_8540.
In addition also activate DRIVER_11N_SUPPORT support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
lib and includedir point to the host, not staging_dir.
Note that prefix and exec_prefix is overriden to point to staging_dir.
As CMAKE_INSTTALL is passed, switched InstallDev to use cmake.mk's rule.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
includedir and libdir are set to /usr/include and /usr/lib . This breaks
compilation with packages such as tmux that use pkgconfig to find libevent
Also added PKG_LICENSE_FILES.
Simplified the InstallDev section by using cmake.mk's default rule.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Forward the OpenWrt TARGET_LDFLAGS to the linker of the fw_printenv tool.
In addition also use the more standard make invocation script.
With this change the fw_printenv tool is built with PIE and Full RELRO
support when activated globally in OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Update busybox to 1.31.1
Small bug fix release. Fixes for dc, ash (PS1 expansion fix),
hush, dpkg-deb, telnet and wget.
No need to refresh patches or config.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Now that 'start-console' procd command has reached the main repo,
we can add a rule to start consoles on serial devices which are
created when USB gadget driver reports creation with hotplugging.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Also update the U-Boot BSP patch for I2SE Duckbill devices.
Run tested on I2SE Duckbill and Olimex OLinuXino Maxi boards.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This decreases the size of the usign application by 16% on MIPS BE.
old:
24,597 /usr/bin/usign
new:
20,501 /usr/bin/usign
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This decreases the size of the swconfig application by 25% on MIPS BE.
old:
16,916 /sbin/swconfig
new:
12,565 /sbin/swconfig
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This decreases the size of the mtd application by 25% on MIPS BE.
old:
20,597 /sbin/mtd
new:
16,421 /sbin/mtd
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This decreases the binary size when PIE ASLR is activated by 8% on MIPS BE.
old:
202,020 /usr/sbin/dnsmasq
new:
185,676 /usr/sbin/dnsmasq
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commit ad7c6102f2 ("busybox: fix missing install with suid bit set if
FEATURE_SUID=y") actually fixes BUSYBOX_CONFIG_FEATURE_SUID option and
thus would install busybox setuid root by default which would result in
possibly unwanted change of current behaviour, so let's disable this
option by default in order to preserve the current status-quo.
For the record: disabling FEATURE_SUID to preserve the status-quo does
*not* imply the current status-quo is "safer", or for that matter, in
any way desireable. That is a discussion to be had on the mailing
lists.
Switching the FEATURE_SUID default to "n" is simply a compromise to
facilitate the merge of the changes that unbreak FEATURE_SUID.
Ref: PR#2502
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
[commit title/description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
With FEATURE_SUID=y one can install busybox binary belonging to root
with the suid bit set, enabling some applets to perform root-level
operations even when run by ordinary users. Busybox then drops
privileges for applets that don't need root access, before entering
their main() function.
Currently we don't install busybox binary with suid bit set, rendering
this feature unusable.
Note that we can't just "chmod u+s /bin/busybox" at runtime as a
"cheaper" solution: it would waste approximately 200KiB of FLASH (the
whole /bin/busybox binary gets copied into the overlay).
Ref: PR#2502
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
[commit title/description facelift, use INSTALL_SUID variable]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit 6170c46b47.
There has been demand for further evaluation of the impact of a
changed hostname, so this is reverted for now. The default hostname
will be "OpenWrt" again after this commit.
The macaddr_geteui() function is not removed by this revert.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
If a label MAC address is provided for device, system
will rename the hostname with OpenWrt_{eui mac address}.
This helps to distinguish between different devices.
Since it's no good idea to nest json_* functions, this code does
not use get_mac_label directly, but only get_mac_label_dt as
external resource.
Signed-off-by: Rosy Song <rosysong@rosinson.com>
[merged with commit introducing macaddr_geteui, rebased on updated
label MAC address storage, extended commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
If set, label MAC address is available from one of two sources,
device tree or board.json. So far, the function get_mac_label
was meant for retrieving the address, while an option in uci
system config was specified only for case 2 (board.json).
The uci config option has several drawbacks:
- it is only used for a fraction of devices (those not in DT)
- label MAC address is a device property, while config implies
user interaction
- label_macaddr option will only be set if /etc/config/system
does not exist (i.e. only for new installations)
Thus, this patch changes the behavior of get_mac_label:
Instead of writing the value in board.json to uci system config
and reading from this location afterwards, get_mac_label now
extracts data from board.json directly. The uci config option
won't be used anymore.
In addition, two utility functions for extraction only from DT
or from board.json are introduced.
Since this is only changing the access to the label MAC address, it
won't interfere with the addresses stored in the code base so far.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is needed to export crypto information to netfilter, allowing
the alt. afalg openssl engine to obtain information about the drivers
being used.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Many bugs were fixed--2 patches removed here.
This release of wolfSSL includes fixes for 5 security vulnerabilities,
including two CVEs with high/critical base scores:
- potential invalid read with TLS 1.3 PSK, including session tickets
- potential hang with ocspstaping2 (always enabled in openwrt)
- CVE-2019-15651: 1-byte overread when decoding certificate extensions
- CVE-2019-16748: 1-byte overread when checking certificate signatures
- DSA attack to recover DSA private keys
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Includes following changes:
0230d0698e59 add initial GitLab CI support
5e13b797a988 iron out all extra compiler warnings
802fbd4d6f39 cmake: enable extra compiler checks
050bb5c4431b convert into CMake project
5b350e42d1fd refactor into separate Git project
and converts the package build to utilize CMake.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The QCA953x only supports 25 MHz refclk, however some OEMs set an
invalid bootstrap value for the REF_CLK option, which would break the
clock detection in ath9k.
Force the QCA953x refclk to 25MHz in ath9k, as this is (according to the
datasheet) the only valid frequency.
Signed-off-by: David Bauer <mail@david-bauer.net>
The release notes since last time for wave-1:
* October 5, 2019: Fix too-short msg caused by invalid use of PayloadLen in receive path.
This appears to resolve the issue of getting (and ignoring) too-short commands
when we detect loss of CE interrupts and go into polling mode.
* October 12, 2019: Fix regression in IBSS mode that caused SWBA overrun issues. Related to
regression added during the ct-station logic, specifically TSF allocation.
Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.
* October 15, 2019: Only send beacon tx completion events if we can detect CT driver is being
used (based on CT_STATS_OK flag being set). This should help CT firmware work
better on stock driver.
The release notes since last time for wave-2:
* October 15, 2019: Only send beacon tx completion events if we can detect CT driver is being
used (based on ATH10k_USE_TXCOMPL_TXRATE2 | ATH10k_USE_TXCOMPL_TXRATE1 flags being set).
This should help CT firmware work better on stock driver.
* October 31, 2019: Compile out peer-ratecode-list-event. ath10k driver ignores the event.
* November 1, 2019: Fix rate-ctrl related crash when nss and other things were changed while
station stays associated. See bug: https://github.com/greearb/ath10k-ct/issues/96
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect
Fixes: CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The device path will be the same for the first phy. For all subsequent
phys, the path gets an extra +1, +2, ...
Move the code for converting path to phy and vice versa to a separate
library script shared by config detection code and the netifd wireless
handler script
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.
This should not degrade security, as there's no external authentication
provider.
Tested with OCEDO Koala and iPhone 7 (iOS 13.1).
Signed-off-by: David Bauer <mail@david-bauer.net>
https://patchwork.kernel.org/patch/11224189/
--
On 2019-10-28 06:07, wbob wrote:
> Hello Roman,
>
> while reading around drivers/net/wireless/ralink/rt2x00/rt2800lib.c
> I stumbled on what I think is an edit of yours made in error in march
> 2017:
>
> https://github.com/torvalds/linux/commit/41977e86#diff-dae5dc10da180f3b055809a48118e18aR5281
>
> RT6352 in line 5281 should not have been introduced as the "else if"
> below line 5291 can then not take effect for a RT6352 device. Another
> possibility is for line 5291 to be not for RT6352, but this seems
> very unlikely. Are you able to clarify still after this substantial time?
>
> 5277: static int rt2800_init_registers(struct rt2x00_dev *rt2x00dev)
> ...
> 5279: } else if (rt2x00_rt(rt2x00dev, RT5390) ||
> 5280: rt2x00_rt(rt2x00dev, RT5392) ||
> 5281: rt2x00_rt(rt2x00dev, RT6352)) {
> ...
> 5291: } else if (rt2x00_rt(rt2x00dev, RT6352)) {
> ...
Hence remove errornous line 5281 to make the driver actually
execute the correct initialization routine for MT7620 chips.
As it was requested by Stanislaw Gruszka remove setting values of
MIMO_PS_CFG and TX_PIN_CFG. MIMO_PS_CFG is responsible for MIMO
power-safe mode (which is disabled), hence we can drop setting it.
TX_PIN_CFG is set correctly in other functions, and as setting this
value breaks some devices, rather don't set it here during init, but
only modify it later on.
Fixes: 41977e86c984 ("rt2x00: add support for MT7620")
Reported-by: wbob <wbob@jify.de>
Reported-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
--
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It contains a single change to vlist.h header file: "vlist: add more
macros for loop iteration". This is needed for newer version of fstools
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enables radio resource management to be reported by hostapd to clients.
Ref: https://github.com/lede-project/source/pull/1430
Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
When ASLR_PIE was activated globally these drivers failed to build
because the user space LDFLAGS leaked into the kernel build process.
This was fixed in upstream Linux kernel commit ce99d0bf312d ("kbuild:
clear LDFLAGS in the top Makefile") which went into Linux 4.17. The
lantiq target is now on Linux 4.19 only and these exceptions are not
needed any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch adds ath79 support for Netgear WNR2200.
Router was previously supported by ar71xx target only (8 MiB variant).
Netgear WNR2200 has two flash versions - 8MiB sold in EU, US etc. and
16 MiB for Russia and China markets. Apart from flash size both variants
share the same hardware specification.
Specification
=============
* Description: Netgear WNR2200
* Loader: U-boot
* SOC: Atheros AR7241 (360 MHz)
* RAM: 64 MiB
* Flash: 8 MiB or 16 MiB (SPI NOR)
- U-boot binary: 256 KiB
- U-boot environment: 64 KiB
- Firmware: 7808 KiB or 16000 KiB
- ART: 64 KiB
* Ethernet: 4 x 10/100 LAN + 1 x 10/100 WAN
* Wireless: 2.4 GHz b/g/n (Atheros AR9287)
* USB: yes, 1 x USB 2.0
* Buttons:
- Reset
- WiFi (rfkill)
- WPS
* LEDs:
- Power (amber/green)
- WAN (amber/green)
- WLAN (blue)
- 4 x LAN (amber/green)
- WPS (green)
* UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
* Power supply: DC 12V 1.5A
* MAC addresses: LAN on case label, WAN +1, WLAN +2
Installation
============
* TFTP recovery
* TFTP via U-boot prompt
* sysupgrade
* Web interface
Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_generic=y
CONFIG_TARGET_ath79_generic_DEVICE_netgear_wnr2200-8m=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y
CONFIG_KERNEL_DEBUG_INFO=y
CONFIG_KERNEL_DEBUG_KERNEL=y
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>