With rxkh_file, hostapd will read a list of RxKHs from a text file.
This also makes it possible for hostapd to dynamically reload RxKHs.
RxKHs defined in rxkh_file should be formated as described in hostapd.conf,
with one entry per line.
R0KH/R1KH format:
r0kh=<MAC address> <NAS Identifier> <256-bit key as hex string>
r1kh=<MAC address> <R1KH-ID> <256-bit key as hex string>
Reworked behavior of the uci options r0kh and r1kh.
When rxkh_file is not configured:
Instead of appending the RxKHs to the hostapd bss configuration.
They will be added to a interface specific file with name
/var/run/hostapd-phyX-apX.rxkh.
This file will be used as the rxkh_file in the hostapd bss configuration.
When rxkh_file is configured:
The specified file will be used in the hostapd bss configuration,
and will be the only source for configured RxKHs.
All RxKHs defined with the uci options r0kh or r1kh will be ignored.
Signed-off-by: Sybil127 <sybil127@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The initialization of mesh interfaces currently fail when wpa_supplicant
is not installed. This is due to the script calling the wpa_supplicant
feature indicator without verifying wpa_supplicant is installed at all.
To avoid failing, first check if wpa_supplicant is installed before
determining the available featureset.
Signed-off-by: David Bauer <mail@david-bauer.net>
This reverts commit 1cea889c96.
This reverts commit 5fd86d66c1.
The patch is causing build servers to fail. Revert it for now.
Signed-off-by: John Crispin <john@phrozen.org>
This option enables support for monochrome LEDs that are grouped into multicolor
LEDs which is useful in the case where LEDs of different colors are physically
grouped in a single multi-color LED and driven by a controller that doesn't have
multi-color support.
Signed-off-by: Jonathan Brophy <professor_jonny@hotmail.com>
Link: https://github.com/openwrt/openwrt/pull/16397
Signed-off-by: John Crispin <john@phrozen.org>
Some devices use file '/tmp/sysupgrade.tar' during settings restore and
this potentially big file was not being cleaned up from RAM afterwards.
See: do_mount_root() (base-files/files/lib/preinit/80_mount_root)
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15339
Signed-off-by: John Crispin <john@phrozen.org>
dnsmasq passes a limited amount of information via DHCP script arguments. Much
more information is available through environment variables starting with
DNSMASQ_, such as DNSMASQ_INTERFACE. However, when the dhcp-script builds its
JSON environment and passes it to hotplug, all of this information is discarded
since it is not copied to the JSON environment.
Personally, I have a custom-made set of DDNS scripts and rely on environment
variables such as DNSMASQ_INTERFACE in order to determine which DNS zones
to update. So, not being able to access these variables was detrimental to me.
I patched in a quick copy of all DNSMASQ_ variables to the JSON environment
so that they can be used in hotplug scripts. In order to do so I also copied
/usr/bin/env into dnsmasq's chroot jail.
Signed-off-by: Chuck R <github@chuck.cloud>
Link: https://github.com/openwrt/openwrt/pull/16354
Signed-off-by: John Crispin <john@phrozen.org>
Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters.
- delegate and sourcefilter were not declared as local variables
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Link: https://github.com/openwrt/openwrt/pull/16734
Signed-off-by: John Crispin <john@phrozen.org>
Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters.
- delegate and sourcefilter were not declared as local variables
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters.
- delegate and sourcefilter were not declared as local variables
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Add option to set LED brightness via uci:
config led 'led_blue'
option name 'blue'
option sysfs 'blue:status'
option brightness '1'
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17190
Signed-off-by: John Crispin <john@phrozen.org>
change Support-UDP-Traceroute rule from 'enabled false' to 'enabled 0'
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17133
Signed-off-by: John Crispin <john@phrozen.org>
Regarding SAE support in wifi-station:
Important Note: Unlike PSK wifi-stations, both `mac` and `key` options are required
to make it work. With PSK, hostapd used to perform a brute-force match to find which
PSK entry to use, but with SAE this is infeasible due to SAE's design.
When `mac` is omitted, it will allow any MAC address to use the SAE password if it
didn't have a MAC address assigned to it, but this could only be done once.
The last wildcard entry would be used.
Also, unlike "hostapd: add support for SAE in PPSK option" (commit 913368a),
it is not required to set `sae_pwe` to `0`. This gives it a slight advantage
over using PPSK that goes beyond not needing RADIUS.
Example Configuration:
```
config wifi-vlan
option iface default_radio0
option name 999
option vid 999
option network management
config wifi-station
# Allow user with MAC address 00:11:22:33:44:55 and matching
# key "secretadminpass" to access the management network.
option iface default_radio0
option vid 999
option mac '00:11:22:33:44:55'
option key secretadminpass
config wifi-vlan
option iface default_radio0
option name 100
option vid 100
option network guest
config wifi-station
# With SAE, when 'mac' is omitted it will be the fallback in case no
# other MAC address matches. It won't be possible for a user that
# has a matching MAC to use this network (i.e., 00:11:22:33:44:55
# in this example).
option iface default_radio0
option vid 100
option key guestpass
```
Regarding PSK file creation optimization:
This patch now conditionally runs `hostapd_set_psk_file` depending on `auth_type`.
Previously, `hostapd_set_psk` would always execute `hostapd_set_psk_file`, which
would create a new file if `wifi-station` was in use even if PSK was not enabled.
This change checks the `auth_type` to ensure that it is appropriate to parse the
`wifi-station` entries and create those files.
Furthermore, we now only configure `wpa_psk_file` when it is a supported option
(i.e., psk or psk-sae is used). Previously, we used to configure it when it was
not necessary. While it didn't cause any issues, it would litter `/var/run` with
unnecessary files. This patch fixes that case by configuring it depending on the
`auth_type`.
The new SAE support is aligned with these PSK file changes.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17145
Signed-off-by: John Crispin <john@phrozen.org>
93458ac dns: fix response to TYPE_PTR query
68af311 fix unicast response port and timeout
a2b4979 service: announce all services in single dns answer
4537734 display announced services in ubus call umdns browse
0b50c29 display more srv attributes in output of ubus browse function
Signed-off-by: John Crispin <john@phrozen.org>
e2f05de state: set_stdio: chdir back to / in case of failure
30542c9 inittab: Disable implicit controlling TTY.
Signed-off-by: John Crispin <john@phrozen.org>
libbfd feature is not used when building eBPF program, and it makes bpftool fail to build in a clean environment, since binutils in toolchain have libbfd disabled.
Signed-off-by: Eric Long <i@hack3r.moe>
Link: https://github.com/openwrt/openwrt/pull/17073
Signed-off-by: Robert Marko <robimarko@gmail.com>
Enable the busybox feature to save shell command history.
(.apk size increase 0.5 kB)
To prevent flash wear,
* save history only at the exit from a shell session, and
* set /tmp as the default location for the history file. The history
is kept on ramdisk until a reboot, when the history is then lost.
If the user wants to save history onto flash, he can change the location
definition in /etc/profile.d/busybox-history-file.sh
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/17179
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Linksys MR7350 is a 802.11ax Dual-band router/AP.
Specifications:
* CPU: Qualcomm IPQ6000 Quad core Cortex-A53(A73) 1.5GHz
* RAM: 512MB of DDR3
* Storage: 256Mb NAND
* Ethernet: 5x1G RJ45 ports (QCA8075)
* WLAN:
* 2.4GHz: Qualcomm QCN5022 2x2 802.11b/g/n/ax 574 Mbps PHY rate
* 5GHz: Qualcomm QCN5052 2x2@80MHz or 802.11a/b/g/n/ac/ax 1201 Mbps PHY rate
* LED-s:
* RGB system led
* USB blue led
* Buttons: 1x Soft reset 1x WPS
* Power: 12V DC Jack
Installation instructions:
Open Linksys Web UI - http://192.168.1.1/ca or http://10.65.1.1/ca depending on your setup.
Login with your admin password. The default password can be found on a sticker under the device.
To enter into the support mode, click on the “CA” link and the bottom of the page.
Open the “Connectivity” menu and upload the squash-factory image with the “Choose file” button.
Click start. Ignore all the prompts and warnings by click “yes” in all the popups.
The Wifi radios are turned off by default. To configure the router, you will need to connect your computer to the LAN port of the device.
Then you would need to write openwrt to the other partition for it to work
- First Check booted partition:
fw_printenv -n boot_part
- Change the partition:
fw_setenv boot_part 1
or
fw_setenv boot_part 2
depending on the current partition
- Then install Openwrt to the other partition if booted in slot 1:
mtd -r -e alt_kernel -n write openwrt-qualcommax-ipq60xx-linksys_mr7350-squashfs-factory.bin alt_kernel
- If in slot 2:
mtd -r -e kernel -n write openwrt-qualcommax-ipq60xx-linksys_mr7350-squashfs-factory.bin kernel
Co-Authored-by: Chukun Pan <amadeus@jmu.edu.cn>
Co-Authored-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Vladyslav Andreichykov <vladdrako007@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14807
Signed-off-by: Robert Marko <robimarko@gmail.com>
47b54cf5a4b6 types: introduce `ucv_array_sort_r()` and `ucv_object_sort_r()`
efeb57806552 types, vm: refactor usage of global variables
f9d2faf67de6 vm: reset signals when freeing VM
4e86847d802d lib: utilize `ucv_array_sort_r()` and `ucv_object_sort_r()`
c71444ea301f types: ucv_resource_create(): rename `typename` parameter to `type`
373df7299c79 nl80211: properly support split_wiphy_dump for single phys
9bcd25f54708 lexer: Preserve keyword, regexp flags until processing non-comment tokens
0a7ff4715cb8 main: pretty-print `-p` output by default
4c3d5b469156 struct: Add new buffer API for incremental packing/unpacking
efc4122124cb struct: do not use global variables for caching types
Fixes: https://github.com/jow-/ucode/issues/248
Fixes: https://github.com/jow-/ucode/issues/250
Fixes: https://github.com/efahl/owut/issues/25
Link: https://github.com/openwrt/openwrt/pull/17191
Signed-off-by: Robert Marko <robimarko@gmail.com>
Specifications:
SoC: Qualcomm IPQ6000 1.5GHz
RAM: NTCC256M16ER-EK 512MiB
Flash: W29N01HZSINA 128MiB
ETH: QCA8075 (3x LAN, 1x WAN)
WLAN1: 2.4GHz 802.11b/g/n/ax 2x2
WLAN2: 5GHz 802.11a/n/ac/ax 2x2
Power: DC 12V 1.5A
Button: Reset, Wps
USB: 1x 2.0
Flash instructions:
1. Download the initramfs image, rename it to
initramfs.itb, host it with the tftp server.
2. Interrupt U-Boot and run these commands:
tftpboot initramfs.itb
bootm
3. After openwrt boots up, use scp or luci web
to upload sysupgrade.bin to upgrade.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/15940
Signed-off-by: Robert Marko <robimarko@gmail.com>
Contains following updates:
* ipq8074: add TP-Link_deco-x80-5g BDF
* ipq6018: add BDF for Qihoo 360V6
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/15940
Signed-off-by: Robert Marko <robimarko@gmail.com>
Change the cron log level in init script from 5 to 7
in order to match previous log behavior and to avoid
log spam every minute.
Busybox cron only uses levels 5,7,8, where 5 is debug and
7 and 8 are normal logging. Use 7 as default.
(Fun note: this is needed because upstream corrected an
ancient bug in their own log level handling and now 5 actually
means something.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/17107
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add a patch to fix non-x86 builds, refresh patches and update/fix the
configuration as described in 98b09ba250 (cited here for future reference).
Config refresh:
Refresh commands, run after busybox is first built once:
cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.37.0
cd ..
./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.37.0/.config > Config-defaults.in
Manual edits needed after config refresh:
* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in: OpenWrt config TARGET_bcm53xx logic applied to
BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* Config-defaults.in: OpenWrt logic applied to
BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)
* Config-defaults.in: correct the default ports that get reset
BUSYBOX_DEFAULT_FEATURE_HTTPD_PORT_DEFAULT 80
BUSYBOX_DEFAULT_FEATURE_TELNETD_PORT_DEFAULT 23
* config/editors/Config.in: Add USE_GLIBC dependency to
BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* config/shell/Config.in: change at "Options common to all shells" the conditional symbol
SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
(discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
Apparently our script does not see the hidden option while
prepending config options with "BUSYBOX_CONFIG_" which leads to a
missed dependency when the options are later evaluated.)
* Edit a few Config.in files by adding quotes to sourced items in
config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014fcca)
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[rebased with the change download line commit]
[corrected version in the refresh example in commit message]
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/17107
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- fix variable references for ft key
- add r0kh and r1kh if ft_generate_local is not set (logic inversion bug)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The internal hostapd version cannot be built with EAP-pwd support, so
enable it only for the SSL variants.
Fixes: #17163
Fixes: 6365316fab ("hostapd: add ubus support for wired driver")
Link: https://github.com/openwrt/openwrt/pull/17164
Signed-off-by: Robert Marko <robimarko@gmail.com>
3da6c104f0f5 database: use APK_DB_LAYER_ROOT in more places
5437e3abada1 audit: add usr/lib/apk to the list of protected paths under --full
de9baf912245 change default db location to /usr, but detect and use /lib if exists
218fdaa1a1a2 context: close root_fd on free
d33294236cb4 database: add support for only-when-modified trigger paths
36935db0ef3b package: fix memfd_create warnings on Linux kernels < 6.7
1c3fc36051a3 blob: add and use apk_blob_trim_{start,end}
af5f9e3f93b0 pkg: fix v3 package size setting to installeddb
9428e34694c8 version: allow --check and --test to work without database
4b4add5326a8 test: fix unit test registration function to be unique
eac18cb200d4 test: add testlib.sh for user tests
20dae205b006 mkpkg: fix creation of package with hardlinks
7bdecdca6a95 pkg: only allow tags in world and some commands
76de228bcc0b commit: show tags of world constrains
9a1b1cf68420 test: use testlib for solver.sh
99fc2a2a5efc test: remove dependency on GNU tar
6927746b9a10 Revert usrmerge/LFS related changes to apk used paths
5d287a9b06e9 apk-tools-3.0.0_pre5
8d93a79fb895 mkpkg: fix hardlink on big-endian system
Link: https://github.com/openwrt/openwrt/pull/17148
Signed-off-by: Robert Marko <robimarko@gmail.com>
Rename jffs2reset to factoryreset. Convert all scripts to using the new command
line. Print a deprecation notice when jffs2reset is invoked.
49d36ba jffs2reset: rename to factoryreset
b135064 jffs2reset: print deprecation message
Signed-off-by: John Crispin <john@phrozen.org>
Add an ucode based re-implementation of the shell script based wifi code.
The new code is jsonschema driven. The code has been refactored into several
files making it easier to follow.
The new scripts are also way faster than the previous sh implementation.
The new code is currently opt-in via WIFI_SCRIPTS_UCODE and defaults to
EXPERIMENTAL.
Signed-off-by: John Crispin <john@phrozen.org>
Add an ucode based re-implementation of iwinfo. The tool behaves like the old
one with a few minor output differences. It is now possible to add -j to any
command resulting in JSON output.
The new code is currently opt-in via WIFI_SCRIPTS_UCODE and defaults to
EXPERIMENTAL.
Signed-off-by: John Crispin <john@phrozen.org>
b0b5d93 Merge pull request #234 from IdWV/fs
60e7a88 Merge pull request #232 from sebastianertz/lib-digest
1752779 digest: implement compile time option to exclude less common algorithms
c7268a1 ci: include libmd in MacOS CI builds
fcb6f70 lib: introduce digest library
1323a27 Merge pull request #246 from jow-/fix-upvalue-resolve
ed5ce8f types: resolve upvalue values in arrays and objects
a6e0641 vm: resolve upvalues before pushing them onto the stack
ef1baab ci: drop OpenWrt tests for now
63e18ea fs: eliminate the usage of global variables
b1bd7b5 types: add ucv_resource_create() helper
3408edf Merge pull request #244 from nbd168/nl80211
8af77e7 nl80211: add new attributes for multi-radio support
1423ad7 nl80211: cover extended feature and EHT rate info attributes
ee1d6d8 Merge pull request #237 from sebastianertz/math
4b18a9b Merge pull request #213 from jow-/improve-vector-macros
1f022c0 math: removed global variable for thread safety
e5fe6b1 treewide: refactor vector usage code
20307ee utils: improve vector utilities
aa18952 Merge pull request #241 from jow-/socket-local-fanout-decl
79ccd9c socket: provide local definition of `struct fanout_args`
402280d Merge pull request #239 from jow-/safe-insert-during-obj-iteration
07afe96 Merge pull request #240 from jow-/stricter-number-conversion
736d450 types: fix potential use after free on adding keys during iteration
4134e71 vallist: more thoroughly check for trailing garbage after numeric string
9cf53dd Merge pull request #226 from jow-/lexer-improvements
2b2e732 lexer: make api functions public
855854f lexer: emit comment and template statement block tokens
328a50f lexer: improve token position reporting
fa22732 Merge pull request #225 from jow-/compiler-fix-keyword-property-labels-after-spread
6e88c62 Merge pull request #224 from jow-/lib-fs-readline-leak
94d1211 compiler: properly treat property names after spread expressions
67cd123 fs: fix potential memory leak on i/o errors in .read()
Signed-off-by: John Crispin <john@phrozen.org>
Use and alternate ubus object when the config contains "driver=wired". This
commit is in preparation of the ieee8021x-wired daemon.
Signed-off-by: John Crispin <john@phrozen.org>
This allows a radius server to send AVPs for client rate control inside the
accept message. Further add the ratelimits to the sta-authorized ubus
notification.
Signed-off-by: John Crispin <john@phrozen.org>
