Commit Graph

4347 Commits

Author SHA1 Message Date
Konstantin Demin
05100d8651 dropbear: adjust file permissions
runtime:
- adjust ownership/permissions while starting dropbear
build time:
- correct file permissions for preseed files in $(TOPDIR)/files/etc/dropbear/ (if any)

closes #10849

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
a97e0dad6e dropbear: 'rsakeyfile' -> 'keyfile' transition
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.

schedule 'rsakeyfile' removal for next year release.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
ff1ccd85e8 dropbear: failsafe: handle all supported key types
dropbear may be configured and compiled with support for different host key types

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
55218bcedb dropbear: minor config reorder
move DROPBEAR_ASKPASS under DROPBEAR_DBCLIENT (in all meanings)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
c87a192386 dropbear: split U2F/FIDO support
these options allow one to configure U2F/FIDO support in more granular way

inspired by upstream commit aa6559db

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
bf900e02c7 dropbear: add option to enable modern crypto only
reduces binary/package size and increases overall performance

also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
  to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
88c8053d47 dropbear: adjust allowed shell list
this takes an effect only if getusershell(3) is missing

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
7f6fcaa3bf dropbear: honor CONFIG_TARGET_INIT_PATH
fixes 65256aee

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
2d9a0be307 dropbear: disable two weak kex/mac algorithms
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]

It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]

1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138

Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
0b277f8659 dropbear: minor config clarification
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
  and DROPBEAR_DBCLIENT_AGENTFORWARD:
  describe why and where it should be disabled

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
fa849fd411 dropbear: better object cleanup
improves b78aae79

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
f2b2293663 dropbear: allow more complex configuration
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
  this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
  which is more likely to be than values with commas;
  use $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
- allow DB_OPT_COMMON to have values with commas.
- allow to replace multiline definitions in sysoptions.h.

improves e1bd9645

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
b5cde26048 dropbear: cherry-pick upstream patches
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
d4dfb566e2 dropbear: bump to 2022.83
- update dropbear to latest stable 2022.83;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
  - 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
  - 901-bundled-libs-cflags.patch
- refresh remaining patches

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Stephen Howell
d274867c21 lldpd: add option to force EDP
allow EDP support if compiled and add force EDP option

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
8b2d02e48c lldpd: only use snmp options when compiled in
prevent SNMP options being passed unless lldpd supports them

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
1b36d44323 lldpd: Update Makefile package release
increment Makefile package release to reflect changes to init script

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
a5f715da71 lldpd: add option for tx delay and tx hold
add option to set LLDP transmit delay, hold timers to set update frequency

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
4159acceeb lldpd: add option to set system platform
add option to override system platform instead of using kernel name

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
4ac134aa78 lldpd: add option to force SONMP enabled
add option to force SONMP to be enabled even when no peer detected

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
1be2088a52 lldpd: add option to force FDP on
add option to force FDP when no peers detected

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
b67182008f lldpd: set CDP version and allow forcing CDP on
add option to specify CDPv1 or CDPv2 and separately enable or force each

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
61dbe756d8 lldpd: allow disabling LLDP protcol
add option to allow LLDP disabling while using other supported protocols

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
ac771313eb lldpd: add portidsubtype option
add option portidsubtype to correct port identifiers and descriptions

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
c98ee4dbb3 lldpd: add agent-type option
add option to set agent-type to control propogation

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
24176a6bdd lldpd: add LLDP MED options
add option to enable LLDP MED fast-start and set fast-start timer

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
1753498b01 lldpd: option to disable LLDP-MED inventory TLV
add option to disable LLDP-MED inventory TLV transmission

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
058f284b1a lldpd: Init adds no-version option
add option to disable advertising kernel version

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
ac3ed75309 lldpd: Allow neighbour filtering
add filter option to init script.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
064b4999ad lldpd: LLDPD binds to only specified interfaces
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
e483c247dc lldpd: Init config read on reload
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Felix Fietkau
4cd8ae67c5 wifi-scripts: fix copy&paste issue in metadata
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-06 10:47:22 +01:00
Felix Fietkau
0e3f147574 wifi-scripts: add script to add phy capabilities to board.json
Useful for UI and config generators. Will be used as intermediate
step for generating the default wifi configuration

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-03 16:16:36 +01:00
Felix Fietkau
2716853132 wifi-scripts: add new package, move wifi scripts to a single place
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-03 16:16:36 +01:00
Daniel Golle
7eee094f01 uhttpd: bump PKG_RELEASE
Bump PKG_RELEASE which should have been done by commit 7b1c3068b7
("uhttpd: restart when interface to listen becomes available").

Fixes: 7b1c3068b7 ("uhttpd: restart when interface to listen becomes available")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-02 04:22:17 +00:00
Daniel Golle
7b1c3068b7 uhttpd: restart when interface to listen becomes available
Currently uhttpd won't start with a listening interface configured if
the interface isn't already up at the time uhttpd starts. Make sure we
attempt to start uhttpd when it comes up.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-01 00:52:54 +00:00
Álvaro Fernández Rojas
e5efc638a7 iwinfo: update to latest git HEAD
Adds MediaTek MT7916AN and Cypress CYW43455 (Raspberry Pi 5) devices.

a34977c devices: add device id for Cypress CYW43455
3eb34df devices: add device id for MediaTek MT7916AN

There are no ABI changes.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-26 18:29:54 +01:00
Rany Hany
59f67b2010 hostapd: fail R0KH and R1KH derivation when wpa_psk_file is used
When wpa_psk_file is used, there is a chance that no PSK is set. This means
that the FT key will be generated using only the mobility domain which
could be considered a security vulnerability but only for a very specific
and niche config.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
2024-01-25 20:02:40 +01:00
Jesus Fernandez Manzano
e2f6bfb833 hostapd: fix 11r defaults when using SAE
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
2024-01-25 20:02:40 +01:00
Jesus Fernandez Manzano
cdc4c55175 hostapd: fix 11r defaults when using WPA
802.11r can not be used when selecting WPA. It needs at least WPA2.

This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.

Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
2024-01-25 20:02:40 +01:00
Felix Fietkau
195cf4b58d hostapd: remove obsolete function
Leftover from authsae, which was removed a long time ago

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-25 20:02:30 +01:00
Nick Hainke
6f90118533 iproute2: update to 6.7.0
Release Notes:
https://lwn.net/Articles/957171/

Remove patch "100-configure.patch" because support for ATM was dropped [0].

Manually refresh:
- 200-drop_libbsd_dependency.patch

Automatic refresh:
- 130-no_netem_tipc_dcb_man_vdpa.patch
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 190-fix-nls-rpath-link.patch
- 300-selinux-configurable.patch

[0] - https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=a66a73af6db74fdb64439316c69aa0e35dd02c47

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-25 16:08:25 +01:00
Jo-Philipp Wich
039f8a1241 wireguard-tools: avoid redundant jsonfilter calls
Use a single jsonfilter expression to yield the list of logical wireguard
interface names in shell compatible notation.

Supersedes: #12344
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-01-23 09:19:35 +01:00
David Bauer
56d7887917 hostapd: ACS: Fix typo in bw_40 frequency array
[Upstream Backport]

The range for the 5 GHz channel 118 was encoded with an incorrect
channel number.

Fixes: ed8e13decc71 (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan())
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2024-01-18 23:22:33 +01:00
Daniel Golle
a8cf9f860f uqmi: update to git HEAD
c3488b8 uqmi: cancel all requests on SYNC indication reception
dfa612e uqmi: improve response detection

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-01-16 23:36:37 +00:00
Felix Fietkau
912e573127 hostapd: add back missing function for updating wpa_supplicant macaddr list
Make the call deferred instead of blocking to avoid deadlock issues

Fixes: 3df9322771 ("hostapd: make ubus calls to wpa_supplicant asynchronous")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-13 16:12:34 +01:00
Felix Fietkau
12c8bba731 hostapd: fix an exception in hostapd.uc on interface add failure
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-13 15:22:27 +01:00
Felix Fietkau
5b8f188c0f Revert "mac80211: rework interface setup, fix race condition"
This reverts commit b7f9742da8.
There are several reports of regressions with this commit. Will be added
back once I've figured out and fixed the cause

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-13 11:19:34 +01:00
Felix Fietkau
b7f9742da8 mac80211: rework interface setup, fix race condition
Only tell netifd about vifs when the setup is complete and hostapd +
wpa_supplicant have been notified

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-11 10:40:43 +01:00
Felix Fietkau
3df9322771 hostapd: make ubus calls to wpa_supplicant asynchronous
This fixes a deadlock issue where depending on the setup order, hostapd and
wpa_supplicant could end up waiting for each other

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-11 09:15:54 +01:00
Uwe Niethammer
6b0db8592a uqmi: added timeouts in qmi.sh
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. Sometimes uqmi is hanging - even when using an early
dummy access to unlock the modem. To always guarantee a proper
initialisation, running or hanging uqmi processes must be stopped
before. All uqmi calls have now a timeout option -t to avoid hanging.

Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
2024-01-10 22:43:32 +01:00
Rafał Miłecki
1f11a4e283 uhttpd: handle reload after uhttpd-mod-ubus installation using postinst
Use postinst script to reload service instead of uci-defaults hack. It's
possible thanks to recent base-files change that executes postinst after
uci-defaults.

This fixes support for uhttpd customizations. It's possible (again) to
adjust uhttpd config with custom uci-defaults before it gets started.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: d25d281fd6 ("uhttpd: Reload config after uhttpd-mod-ubus was added")
Ref: b799dd3c70 ("base-files: execute package's "postinst" after executing uci-defaults")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-01-10 17:06:56 +01:00
Felix Fietkau
d864f68232 hostapd: add missing NULL pointer check on radar notification
Fixes a race condition that can lead to a hostapd crash

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-09 11:06:24 +01:00
Felix Fietkau
0f1b3d5c02 netifd: update to Git HEAD (2024-01-04)
4219e99eeec7 system-linux: fix race condition in netlink socket error handing
f01345ec13b9 device: restore cleared flags on device down

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-04 13:52:02 +01:00
David Bauer
f95eecfb21 dropbear: increase default receive window size
Increasing the receive window size improves throughout on higher-latency
links such as WAN connections. The current default of 24KB caps out at
around 500 KB/s.

Increasing the receive buffer to 256KB increases the throughput to at
least 11 MB/s.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-12-28 23:37:51 +01:00
Felix Fietkau
44be35890b netifd: update to Git HEAD (2023-12-19)
a2d32f0dcf16 Revert "system-linux: set pending to 0 on ifindex found or error for if_get_master"

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-19 22:35:22 +01:00
Felix Fietkau
62a2af6555 netifd: update to Git HEAD (2023-12-18)
730b4656e6b1 netifd: fix undefined va_list value which can cause crashes
c59457f69709 device: Log error message if device initialization failed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-18 11:49:15 +01:00
Christian Marangi
e2fa450560
netifd: update to Git HEAD (2023-12-17)
66a7652176a7 system-linux: set pending to 0 on ifindex found or error for if_get_master

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-12-17 17:35:45 +01:00
Thibaut VARÈNE
8815a3114f dnsmasq: invert logic for "localuse"
Prior to this commit, "localuse" (which enables local resolving through
dnsmsasq) was off by "default". That default was in turn overridden when
"noresolv" was unset (which itself is the default for "noresolv") *and*
"resolvfile" was "/tmp/resolv.conf.d/resolv.conf.auto" (also the default
for this parameter).

In other words, the "default" unset value for "localuse" would only be
ever used in specific *non-default* configurations.

However, the problem with that logic is that a user who wants to ignore
their ISP-provided resolvers by setting "noresolv" to true ends up with
a device that will *only use* said resolvers for local DNS queries,
serving clients' queries via dnsmasq (which now ignores the ISP
resolvers). This can lead to confusion and break random setups as the
DNS lookup performed on clients behalf can differ in their replies from
DNS lookups performed locally on the router.

Furthermore, "localuse" is not configurable through Luci, contrary to
the other two involved settings, adding further confusion for the end
user.

To work around this situation, the logic that sets "localuse" is
inverted: "localuse" now defaults to on by default, and IFF "noresolv"
is unset (default) AND "resolvfile" is changed from default THEN
"localuse" gets turned back off, allowing for more sensible behaviour.

"localuse" value set in config/dhcp still overrides the logic in all
cases, as it did already.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2023-12-16 15:28:21 +00:00
Nick Hainke
62ff11576d ethtool: update to 6.6
Release Notes:
https://lore.kernel.org/netdev/20231123220625.q427zyjaogdmlf6d@lion.mk-sys.cz/T/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-12-12 14:34:11 +01:00
Christian Marangi
db3afed6ce
netifd: update to Git HEAD (2023-12-12)
8f2806a37fe1 system-linux: set master early on apply settings
e3fc2b0026a5 system-linux: skip refreshing MAC on master change if custom MAC

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-12-12 01:18:37 +01:00
Nick Hainke
9ed26a48d9 iproute2: update to 6.6.0
Release Notes:
https://lore.kernel.org/netdev/20231106090325.07092c87@hermes.local/T/

Automatically refreshed:
- 115-add-config-xtlibdir.patch
- 175-reduce-dynamic-syms.patch
- 195-build_variant_ip_tc.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-12-11 16:44:19 +01:00
Felix Fietkau
5fec4d6cd5 netifd: update to Git HEAD (2023-12-05)
02bc2e14d1d3 udebug: use helper code for ubus config handling
1b967334189b netifd: add netlink udebug ring
061e308f9f7d debug: remove newline from debug messages
f1763852dfba bridge: fix reload on bridge vlan changes
cc9e928f0a12 bridge: rework config change pvid handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-05 13:07:30 +01:00
Tony Ambardar
1020ac6f47 bpftool: Update to v7.3.0
Update to the latest upstream release to include recent improvements and
bugfixes. Also refresh local patches.

Link: https://github.com/libbpf/bpftool/releases/tag/v7.3.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-11-30 13:35:27 -08:00
Felix Fietkau
f909059b74 hostapd: use new udebug ubus api to make debug rings configurable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-30 20:08:56 +01:00
Sven Eckelmann
711dcb7763 dnsmasq: mark global ubus context as closed after fork
If the dnsmasq process forks to handle TCP connections, it closes the ubus
context. But instead of changing the daemon wide pointer to NULL, only the
local variable was adjusted - and this portion of the code was even dropped
(dead store) by some optimizing compilers.

It makes more sense to change the daemon->ubus pointer because various
functions are already checking it for NULL. It is also the behavior which
ubus_destroy() implements.

Fixes: d8b33dad0b ("dnsmasq: add support for monitoring and modifying dns lookup results via ubus")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2023-11-26 19:58:35 +01:00
Felix Fietkau
0f283ab4c9 umdns: update to Git HEAD (2023-11-21)
9040335e102b interface: fix interface memory corruption
b1e023eda358 add udebug support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-21 07:36:08 +01:00
Felix Fietkau
cafb961850 netifd: update to Git HEAD (2023-11-20), adds udebug support
9dcc37a77cb2 add udebug support
525fa911e8ab replace DPRINTF calls with D(...)
7642eaba3838 system-linux: fix bogus debug error messages on adding bridge members
f3e06e81b347 wireless: add bridge_isolate option

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-20 19:18:06 +01:00
Felix Fietkau
2723f16dda hostapd: add missing acl entries for udebug
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-20 14:10:27 +01:00
Felix Fietkau
effc305cda hostapd: add udebug support
This is not activated by default and must be explicitly enabled via ubus
It supports reporting log messages and netlink packets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-20 11:58:54 +01:00
Nazar Mokrynskyi
684d1a5c35 hostapd: fix undeclared variable iface_name
Signed-off-by: Nazar Mokrynskyi <nazar@mokrynskyi.com>
2023-11-19 19:10:42 +01:00
Philip Prindeville
af64898c26 dnsmasq: Invoke new ipcalc with CIDR notation
The new rewritten ipcalc.sh understands 3 notations:

ipaddr/prefix ...
ipaddr/dotted-netmask ...
ipaddr dotted-netmask ...

meaning that the previous 4th non-standard notation of "ipaddr prefix"
will be dropped, alas that's the notation that dnsmasq currently uses.

This change has us using the first notation which is the most common.

This behavior came in as
eda27e8382
a long time ago.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-11-15 20:36:35 +00:00
Jo-Philipp Wich
c23b509d72 netifd: update to Git HEAD (2023-11-14)
8587c074f1eb interface-ip: fix IPv4 route target masking

Fixes: https://github.com/openwrt/netifd/issues/17
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-11-14 15:35:03 +01:00
Christian Marangi
3d6b89c514
iptables: backport patch fixing bug with string module
Backport patch fixing critical bug with string module merged upstream.

Fixes: #13812
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-12 14:13:41 +01:00
Christian Marangi
a69367933d
netifd: update to Git HEAD (2023-11-11)
c739dee0a37b system-linux: refresh MAC address on DSA port conduit change

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-11 23:38:30 +01:00
Felix Fietkau
d45d72a6da netifd: update to the latest version
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-10 15:37:42 +01:00
Christian Marangi
1714087442
netifd: update to Git HEAD (2023-11-09)
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 12:30:33 +01:00
Christian Marangi
05e516b12d
hostapd: refresh patches
Refresh patches for hostapd using make package/hostapd/refresh.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 16:07:55 +01:00
Christian Marangi
6c9ac57d58
hostapd: permit 40MHz in 802.1s only also for 2.4GHz g/n with noscan
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.

This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.

Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:38 +01:00
Christian Marangi
b1c7b1bd67
hostapd: permit also channel 7 for 2.5GHz to be set to HT40PLUS
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:37 +01:00
Christian Marangi
1b5ea2e199
hostapd: fix broke noscan option for mesh
noscan option for mesh was broken and actually never applied.

This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:37 +01:00
Felix Fietkau
c2a30b6e01 hostapd: use rtnl to set up interfaces
In wpa_supplicant, set up wlan interfaces before adding them

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-08 12:46:29 +01:00
Felix Fietkau
531314260d wifi: fix applying mesh parameters when wpa_supplicant is in use
Apply them directly using nl80211 after setting up the interface.
Use the same method in wdev.uc as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-08 12:46:29 +01:00
Felix Fietkau
41d7439af5 netifd: update to the latest version
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-07 13:36:54 +01:00
Jo-Philipp Wich
5bb3b5d46c firewall4: update to latest Git HEAD
4101dd4 fw4: perform strict validation of zone and set names
a923c88 fw4: pass zone to templates whenever possible
597dc90 fw4: add support for zone log_limit
1874050 fw4: add log_limit to rules and redirects
19a8caf ruleset: dispatch ct states using verdict map
a5553da ruleset: reduce ksoftirqd load by refering to looopback by numeric id
de3483c tests: adjust zone log limit testcases
7392792 ruleset: do not emit redundant drop invalid rules
698a533 ruleset: apply egress MSS fixup later to apply final MTU before wire

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-11-03 15:55:15 +01:00
Philip Prindeville
ac199c57c5
dnsmasq: don't source functions.sh twice
It's already pulled in from /etc/rc.common.

Fixes: #13758

Fixes: 6b23836071 ("package: avoid the use of eval to parse ipcalc.sh output")

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-11-02 20:29:38 +01:00
Petr Štetiar
6dca88aa4a
hostapd: fix broken WPS on broadcom-wl and ath11k
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.

The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.

Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
Bug-Debian: https://bugs.debian.org/1004524
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net]
Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-01 12:23:01 +00:00
David Bauer
9a47688eee uqmi: update to latest HEAD
eea2924 uqmi: add slot number to uim-sim-status output

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-31 21:12:15 +01:00
David Bauer
39341f422f hostapd: fix OWE association with mbedtls
The code for hostapd-mbedtls did not work when used for OWE association.

When handling association requests, the buffer offsets and length
assumptions were incorrect, leading to never calculating the y point,
thus denying association.

Also when crafting the association response, the buffer contained the
trailing key-type.

Fix up both issues to adhere to the specification and make
hostapd-mbedtls work with the OWE security type.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-31 21:12:15 +01:00
David Bauer
79912a9531 uqmi: configure PDP type and APN to modem
Configure the PLMN and APN to the modem. This is required in cases,
where either the SGSN or GGSN does not permit the selection of IPv4v6
pdp type.

Previously, the modem always tried to establish a dual-stacked PDP
context regardless of the configured PDP type in uci. As this setting
can not be parameterized when creating a WDS context, configure it to
the modems internal list of profiles. This way, the PDP type is taken
into account when creating the WDS context.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-31 21:12:15 +01:00
David Bauer
c4321462e4 uqmi: fix non-working PLMN selection
The PLMN selection was reset when calling network-register, thus
rendering the sepcific selection of a carrier unapplied.

Set the PLMN selection after executing network-register. This seems to
cause the modem to re-select the carrier eventually.

That being said, qmi does allow the parameterization of the
network-register to include dpecific PLMN settings, however this is
currently not implemented in uqmi.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-31 21:12:15 +01:00
David Bauer
c1fcce1112 uqmi: set RAT preference before attach
Set the RAT preference before attaching. This handles cases better,
where a network might be available but not with the preferred RAT.

If RAT is changed to a non-available RAT after attach, QMI does not fail
with missing registration but with failing to establish a PDP session.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-31 21:12:15 +01:00
David Bauer
0bc2b2a780 uqmi: increase wait time before checking connection state
Increase the wait time before polling the connection state for the first
time.

Depending on the prior state of the modem, the first poll might still
return a connected state. The script then tries to establish a PDP
session, which subsequently fails as the modem by then is in scan state.

Increasing the wait-time to 3 seconds mitigates this from happening.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-31 21:12:15 +01:00
David Bauer
696c9f723d uqmi: add illegal SIM state recovery
On some network-triggered disconnections the UIM state might end up in
"illegal". This prevents the modem from attaching to any network in
non-restricted service modes.

Detect this state and reset the SIM card. This way, the modem can attach
to networks again.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-31 21:12:15 +01:00
David Bauer
ead0c19348 uqmi: don't block restart on failed registration
Failing the registration does not necessarily mean we can not bring this
interface up. For example, roaming SIM cards are possibly steered by the
home-operator.

Don't block restart of the QMI interface in this case.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-31 21:12:15 +01:00
Felix Fietkau
a2d8226c4f hostapd: do not trim trailing whitespace, except for newline
Fixes adding SSID or key with trailing whitespace

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-10-31 13:29:32 +01:00
Anari Jalakas
5dbdf3bb3a iptables: opt-out of lto usage
This fixes building with USE_LTO enabled.

<artificial>:(.text+0xc22): relocation R_MIPS16_26 against `libxt_DNAT_init' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol printf
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
2023-10-29 19:42:32 +01:00
Anari Jalakas
fbacc5ae52 iwinfo: opt-out of lto usage
This fixes building with USE_LTO enabled.

<artificial>:(.text+0x400c): relocation R_MIPS16_26 against `iwinfo_close' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol strcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
2023-10-29 19:42:32 +01:00
Kevin Darbyshire-Bryant
0221b86032 odhcpd: Bump to latest commits
d8118f6 config: make sure timer is not on the timeouts list before freeing
4bbc6e7 add hostsfile output in addition to statefile

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2023-10-28 22:33:32 +01:00
David Bauer
0da74dbb45 uqmi: update to latest HEAD
c8c9f10 uim: fix help formatting
aac0776 uqmi: add APN profile commands
ffc5eea uim: support SIM card power-up/down
d6c963d uim: add application state to SIM status

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-25 22:09:42 +02:00
Rahul Thakur
002f180a97
dnsmasq: add support for RA option 31
The option 31 in the RA specifies the DNS search list, the support
to configure this via UCI is missing in case dnsmasq-dhcpv6 is used.

This commit uses the uci option domain (same as is done by odhcpd) to
read and pass the DNS search list to dnsmasq, which is then used by RA.

Hence, with this commit, we are able to configure DNS search list for the
RA messages via the uci config when dnsmsaq-dhcpv6 is used.

Signed-off-by: Rahul Thakur <rahul.thakur@iopsys.eu>
2023-10-20 16:04:59 +02:00
Nick Hainke
141780222c nftables: update to 1.0.9
ChangeLog:
https://www.netfilter.org/projects/nftables/files/changes-nftables-1.0.9.txt

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-10-20 14:42:31 +02:00
Christian Marangi
53039bf7f5
netifd: update to latest git HEAD
5590a80e2566 config: fix incompatible with jshn network-device entry

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-10-20 13:02:44 +02:00
Felix Fietkau
3e1ac00ccb umdns: update to the latest version
479c7f8676d9 cache: make record/hostname lookup case-insensitive
26c97a5a50bf ubus: add a browse flag for suppressing cached ip addresses
c286c51a9bd9 Fix AVL tree traversal in cache_record_find and cache_host_is_known
4035fe42df58 interface: use a global socket instead of per-interface ones
c63d465698c7 cache: dump hostname target from srv records
b42b22152d73 use hostname from SRV record to look up IP addresses
d45c443aa1e6 ubus: add array flag support for the hosts method

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-10-19 19:15:32 +02:00
Nick Hainke
5b85c19642 iproute2: update to 6.5.0
Release Notes:
https://lore.kernel.org/netdev/20230906093918.394a1b1d@hermes.local/T/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-10-14 08:01:56 +02:00
Nick Hainke
abe908ca53 ethtool: update to 6.5
Release Notes:
https://lore.kernel.org/netdev/20230912223336.zywfpavr3ln3trp3@lion.mk-sys.cz/T/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-10-14 08:01:45 +02:00
Martin Schiller
e53ed6af87 linux-atm: use target specific kernel headers
There are a few targets that mess with the atm kernel headers. To avoid
incompatibility between kernel and user space during compilation, the
correct headers should be used.

Consequently, the package must also be marked as nonshared.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2023-10-05 10:31:39 +02:00
Uwe Niethammer
32a696f9e4 uqmi: added timeout to fix hanging qmi.sh
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem

Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
2023-10-03 18:50:01 +02:00
Nick Hainke
91d2ead3c3 hostapd: increase PKG_RELEASE to fix builds
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-09-29 11:26:49 +02:00
Felix Fietkau
abceef120d hostapd: fix wpa_supplicant mac address allocation on ap+sta
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-28 10:30:14 +02:00
Felix Fietkau
0c43a48735 hostapd: fix mac address of interfaces created via wdev.uc
Use the wdev config with the generated MAC address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-27 15:04:25 +02:00
Felix Fietkau
f1bb528ae7 hostapd: fix rare crash with AP+STA and ACS enabled
Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS
state.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-25 18:46:22 +02:00
Leon M. Busch-George
9f52a57c99 package: dnsmasq: remove off-by-one mitigation for limit
In the dnsmasq init script, an off-by-one in the range calculation of
ipcalc.sh was mitigated by passing the limit as if its counting started
at zero. This patch removes the mitigation as the off-by-one has been
fixed.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-09-25 15:02:49 +02:00
Leon M. Busch-George
6b23836071 package: avoid the use of eval to parse ipcalc.sh output
Add a function 'ipcalc' to /lib/functions.sh that sets variables more
safely using export.
With this new function, dnsmasq also handles the return value of ipcalc
correctly.

Fixes: e4bd3de1be ("dnsmasq: refuse to add empty DHCP range")
Co-Authored-By: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-09-25 15:02:49 +02:00
Sebastian Pflieger
3ce909914a lldpd: add lldp_syscapabilities config option
allow to overwrite the detected system capabilities e.g. if devices
does not operate as bridge.

Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
2023-09-24 17:07:28 +02:00
Felix Fietkau
3a5ad6e3d7 hostapd: fix patch rebase after a crash fix
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function

Fixes: e9722aef9e ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-22 20:00:13 +02:00
Felix Fietkau
fd6d7aafb2 hostapd: fix wpa_supplicant bringup with non-nl80211 drivers
Needed for wired 802.1x

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-22 07:59:27 +02:00
Felix Fietkau
4145ff4d8a hostapd: add missing NULL pointer check in uc_hostapd_iface_stop
Avoid crashing if the interface has already been removed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-20 18:40:33 +02:00
Felix Fietkau
e9722aef9e hostapd: fix a crash when disabling an interface during channel list update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-20 14:11:14 +02:00
Alexander Couzens
8572007f90 packages: assign PKG_CPE_ID for all missing packages
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.

Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2023-09-19 20:21:13 +02:00
Felix Fietkau
f52e008d04 netifd: update to the latest version
7a58b995fdbe wireless: update prev_config on SET_DATA notify

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-19 11:56:30 +02:00
Felix Fietkau
a511480368 hostapd: use phy name for hostapd interfaces instead of first-bss ifname
Improves reliability in error handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-19 11:56:30 +02:00
Felix Fietkau
93e147c9e6 hostapd: fix dynamically adding interfaces with 802.11ax support disabled in the build
Move an important code line outside of #ifdef CONFIG_IEEE80211AX

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-18 16:51:34 +02:00
Felix Fietkau
a33f1d3515 netifd: update to the latest version
88a3a9e2be07 wireless: clean up prev_config handling
afcd3825dad9 wireless: dynamically enable/disable virtual interfaces base on network interface autostart

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-15 20:43:27 +02:00
Felix Fietkau
f5380184e6 hostapd: add missing ubus ACL entries for AP+client (#13449)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-15 20:42:56 +02:00
Felix Fietkau
50e16efd41 hostapd: support dynamic reload of vlan files when renaming interfaces
Avoids unnecessary AP restart on ifname changes when wifi-vlan sections
are present.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-15 14:25:27 +02:00
Felix Fietkau
99515fbc36 netifd: update to the latest version
3d425f16d6a6 wireless: rework and fix vlan/station config reload handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-15 13:10:39 +02:00
Felix Fietkau
4acbe4e336 hostapd: fix more AP+STA issues
When STA is disconnected, ensure that the interface is in a cleanly stopped
state:
 - if in regular enable/disable state, stop beacons if necessary
 - in any other state, disable the interface

When the STA is up, ignore repeated start commands for the same channel, in
order to avoid unnecessary AP restarts

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-14 19:13:36 +02:00
Felix Fietkau
a63e118f77 hostapd: fix more dynamic reload issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-14 19:13:36 +02:00
Felix Fietkau
6cf27094e9 hostapd: add missing return statement
Avoids crash due to uninitialized stack/register garbage

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 22:57:49 +02:00
Felix Fietkau
7365e8f1bb hostapd: do not modify hapd->started when stopping an AP
It can cause cleanup to be skipped on wifi restart, which can lead to
use-after-free bugs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 17:07:21 +02:00
Felix Fietkau
a463bd8c99 hostapd: update to the latest version
8e6485a1bcb0 PEAP client: Update Phase 2 authentication requirements
de9a11f4dde9 TTLS client: Support phase2_auth=2
b2a1e7fe7ab9 tests: PEAP and TTLS phase2_auth behavior
518ae8c7cca8 P2P: Do not print control characters in debug
a4c133ea73c7 WPS: Optimize attribute parsing workaround
7a37a94eaa0d Check whether element parsing has failed
f80d83368818 ACS: Remove invalid debug print
fb2b7858a728 FILS: Fix HE MCS field initialization
50ee26fc7044 P2P: Check p2p_channel_select() return value
a50d1ea6a2b3 Add QCA vendor attributes for user defined power save parameters
4636476b7f22 Set RRM used config if the (Re)Association Request frame has RRM IE
e53d44ac63e8 AP MLD: Use STA assoc link address in external auth status to the driver
99a96b2f9df7 AP MLD: OWE when SME is offloaded to the driver
96deacf5d710 nl80211: Skip STA MLO link channel switch handling in AP mode
d320692d918a AP MLD: Handle new STA event when using SME offload to the driver
faee8b99e928 tests: Fix eht_mld_sae_legacy_client to restore sae_pwe
c3f465c56c94 wlantest: Handle variable length MIC field in EAPOL-Key with OWE
605034240e0c wlantest: Support multiple input files
053bd8af8ed2 Recognize FTE MLO subelements
43b5f11d969a Defragmentation of FTE
3973300b8ded FTE protected element check for MLO Reassociation Response frame
74e4a0a6f1e4 wlantest: Learn AP MLD MAC address from Beacon frames
a5a0b2cf7b1b wlantest: Find non-AP MLD only from affiliated BSSs of the AP MLD
74472758584d wlantest: Recognize non-AP MLD based on any link address for decryption
1ffabd697c67 wlantest: Learn non-AP MLD MAC address from (Re)Association Request frames
4e8e515f92b9 wlantest: Use MLO search for the STA in reassociation
49bf9f2df95a wlantest: Use the MLD MAC address as well for matching STA entries
5434a42ec69c wlantest: Search for FT Target AP using MLD MAC address as well
a19fcf685cae wlantest: Include the MLD MAC address of the AP MLD in new-STA prints
709d46da73da wlantest: Do not claim update to AP MD MAC address if no change
770760454f9e wlantest: Do not update BSS entries for other AP MLDs in PTK cloning
084745ffc508 Add QCA vendor attributes for NDP setup
bf9cbb462fd9 Fix writing of BIGTK in FT protocol
011775af9443 tests: Check for beacon loss when using beacon protection
8f148d51322f Fix a compiler warning on prototype mismatch
b7db495ad9c9 AP: Fix ieee802_1x_ml_set_sta_authorized()
232667eafe0d Fix CCMP test vector issues
30771e6e05ed Include PTID in PV1 nonce construction for CCMP test vector
34841cfd9aba Minor formatting changes to CCMP test vectors
a685d84139e6 BSS coloring: Fix CCA with multiple BSS
bc0636841a70 wpa_supplicant: Fix configuration parsing error for tx_queue_*
2763d1d97e66 hostapd: Fix AID assignment in multiple BSSID
763a19286e2f AP: Add configuration option to specify the desired MLD address
bd209633eb10 AP: Use is_zero_ether_addr() to check if BSSID is NULL
bc0268d053b4 wlantest: Guess SAE/OWE group from EAPOL-Key length mismatch
a94ba5322803 EHT: Support puncturing for 320 MHz channel bandwidth
7e1f5c44c97e EHT: 320 MHz DFS support
6f293b32112a QCA vendor attributes for updating roaming AP BSSID info
5856373554eb Extend QCA vendor command to include more parameters for netdev events
e080930aa0a5 Define QCA vendor roam control RSSI attributes
fe72afe713ad Define QCA vendor attribute for high RSSI roam trigger threshold
47a65ccbfde2 P2P: Clean wpa_s->last_ssid when removing a temporary group network
884125ab7d21 tests: P2P autonomous GO and clearing of networking information
7637d0f25053 P2P: Do not filter pref_freq_list if the driver does not provide one
dd1330b502ff Fix hostapd interface cleanup with multiple interfaces
0a6842d5030e nl80211: Fix beacon rate configuration for legacy rates 36, 48, 54 Mbps
d606efe054d5 tests: Beacon rate configuration for 54 Mbps
f91d10c0e6aa tests: Update RSA 3k certificates
07d3c1177bbb tests: Make sae_proto_hostapd_status_* more robust
1085e3bdc6f6 Update iface->current_mode when fetching new hw_features
338a78846b44 Add a QCA vendor sub command for transmit latency statistics
9318db7c38bc wlantest: Use local variables for AA/SPA in FT Request/Response processing
628b9f10223d wlantest: Derive PMK-R1 and PTK using AA/SPA for MLO FT over-the-DS
104aa291e5c8 wlantest: Fix FT over-the-DS decryption
37c87efecfe3 wlantest: Search SPA using MLO aware find for FT Request/Response frame
19f33d7929e8 wlantest: Learn the Link ID for AP MLD affiliated BSSs
6ae43bb10323 wlantest: Learn link address for assoc link from (Re)Association Request
4c079dcc64da Increment hmac_sha*_vector() maximum num_elem value to 25
e6f64a8e1daf FT: FTE MIC calculation for MLO Reassociation Request frame
a83575df5994 wlantest: FTE MIC calculation for MLO Reassociation Request frames
ff02f734baf8 wlantest: Allow specific link BSS to be found with bss_find_mld()
7381c60db8f0 FT: Make FTE MIC calculation more flexible
ac9bf1cc2a4c Decrement hmac_sha*_vector() maximum num_elem value to 11
aa08d9d76803 Fix use of defragmented FTE information
78b153f90a74 Calculate defragmented FTE length during IE parsing
8cf919ffd5c4 wlantest: FTE MIC calculation for MLO Reassociation Response frame
d12a3dce82a9 wlantest: Store and check SNonce/ANonce for FT Authentication
20febfd7838d wlantest: Dump MLO association information in debug
609864d6a8a1 Add QCA vendor attribute to configure MLD ID in ML probe request
12154861e24a Add support for conversion to little endian for 24 bits
c437665041c0 Add Non EHT SCS Capability in (Re)Association Request frames
33da386553b7 SCS: Add support for QoS Characteristics in SCS request
edfca280cbe8 SCS: Add support for optional QoS Charateristics parameters
32dcec9529ec Send actual MFP configuration when driver takes care of BSS selection
123d16d860fa Update hw_mode when CSA finishes
b3d852560bda Change QCA vendor configure attribution name of peer MAC address
12fabc4765c2 Add QCA vendor attribute for configuring max A-MPDU aggregation count
f6eaa7b729cb Add QCA vendor attribute for TTLM negotiation support type
f6dcd326fea7 wlantest: Indicate ToDS/FromDS values for BSS DATA entries
6ce745bb87d4 wlantest: MLO support for decrypting 4-address frames
850dc1482953 wlantest: Remove duplicated A1/A2/A3 override detection for MLO
770e5a808fbb wlantest: Determine whether A1 points to STA once in rx_data_bss_prot()
377d617b574a Define new BSS command info mask for AP MLD address
d3ab6e001f62 wlantest: Use non-AP MLD's MLD MAC address in FT over-the-air derivation
a845601ffe32 wlantest: Derive PTK in MLO using MLD MAC addresses for FT over-the-air
0cd2bfc8a402 wlantest: Fix FTE MIC calculation for MLO Reassociation Response frames
528abdeb673b wlantest: Learn group keys from MLO FT Reassociation Response frames
990600753dd9 wlantest: Defragment Basic MLE before processing
de043ec01ab5 wlantest: Defragment the Per-STA Profile subelement
bae1ec693c44 wlantest: Minimal parsing of Basic MLE STA Profile
ba1579f3bf7c Clear BIGTK values from wpa_supplicant state machine when not needed
b46c4b9a916a tests: Beacon protection and reconnection
3e71516936b7 Document per-ESS MAC address (mac_addr=3 and mac_value)
f85b2b2dee3b Extend wpa_parse_kde_ies() to include EHT capabilities
e3a68081bc1e driver: Add option for link ID to be specified for send_tdls_mgmt()
c7561502f2e8 nl80211: Use a QCA vendor command to set the link for TDLS Discovery Response
a41c8dbdd84e TDLS: Copy peer's EHT capabilities
626501434be1 TDLS: Learn MLD link ID from TDLS Discovery Response
5f30f62eead7 TDLS: Reply to Discovery Request on the link with matching BSSID
940ef9a05c0f TDLS: Use link-specific BSSID instead of sm->bssid for MLO cases
f429064189c3 TDLS: Set EHT/MLO information for TDLS STA into the driver
dd25885a9daa Remove space-before-tab in QCA vendor related definitions
af6e0306b2a9 Fix typos in QCA vendor related definitions
4c9af238c1e4 Fix inconsistent whitespace use in QCA vendor related definitions
e5ccbfc69ecf Split long comment lines in QCA vendor related definitions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
20c667cc88 hostapd: rework reload support and MAC address handling
MAC address and interface name assigned by mac80211.sh depend on the order in
which interfaces are brought up. This order changes when interfaces get added
or removed, which can cause unnecessary reload churn.

One part of the fix it making MAC address allocation more dynamic in both
wpa_supplicant and hostapd, by ignoring the provided MAC address using
the next available one, whenever the config does not explicitly specify one.

The other part is making use of support for renaming netdevs at runtime and
preserving the MAC address for renamed netdevs.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
13c1080a3f hostapd: move mac address allocation from mac80211.sh to wdev.uc
Preparation for upcoming hostapd reload improvements

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
8566ddc8b3 hostapd: add internal API for renaming AP interfaces
Will be used for improving reload support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
ddd012d5ff hostapd: fix AP+STA configuration with autochannel enabled
Properly disable the interface when requested
Disable ACS when bringing it back up on the new channel

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:36:55 +02:00
Felix Fietkau
4871acef79 hostapd: update interface/bss list after set_config calls
set_config causes the ucode bss resource to be re-created and because of that
the bss list needs to be updated as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 10:47:35 +02:00
Felix Fietkau
499ca4cbe0 hostapd: fix bringing up AP in AP+mesh configurations
Pass the correct frequency + secondary channel offset to hostapd

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 14:09:59 +02:00
Felix Fietkau
ea1787b7bc hostapd: clear ucode interface/bss resource pointers
Avoids potential use-after-free bugs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 14:09:58 +02:00
Felix Fietkau
36a9f8449c hostapd: fix applying gratuitous ARP settings with bridge-vlan
The arp_accept setting needs to be applied to the snoop_iface

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 12:58:26 +02:00
Felix Fietkau
4a0b1af905 hostapd: allow adding initial AP without breaking STA interface connection
When switching from a STA-only configuration to AP+STA on the same phy, the
STA was previously restarted in order to notify hostapd of the new frequency,
which might not match the AP configuration.
Fix the STA restart by querying the operating frequency from within hostapd
when bringing up the AP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-03 09:51:28 +02:00
Felix Fietkau
d65354488d hostapd: fix config change detection on boolean values
Check for null instead of truish value

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-03 09:51:08 +02:00
Felix Fietkau
3b44e0a4c1 hostapd: fix parsing HT secondary channel offset
It returned the wrong value when using HT40-

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-02 19:39:24 +02:00
Felix Fietkau
2021ca0a02 hostapd: reset center_seg0_idx for 2.4 GHz
Fixes 40 MHz channel bandwidth on 2.4 GHz AP+STA

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-02 19:39:24 +02:00
Felix Fietkau
b460ec66ed hostapd: use proper helper functions for setting seg0/seg1 idx and chwidth
Simplifies code and removes #ifdef statements

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-02 19:39:24 +02:00
Felix Fietkau
7049ea9e95 firewall4: update to the latest version
23a434d0d15d tests: fix expected test output
840ccdeeabce fw4: avoid emitting invalid rule jump targets
20da9933fd7e fw4: fix another instance of invalid rule jump targets
598d9fbb5179 fw4: remove special cases around hw flow offloading

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-01 14:01:06 +02:00
Felix Fietkau
821cf6dd38 hostapd: remove cfg80211 dependency
Always enable nl80211 driver support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-01 12:18:13 +02:00
Daniel Golle
9a4bd3b1e4 netifd: update to latest git HEAD
1a07f1dff32b make_ethtool_modes_h.sh: apply anti-bashism

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-09-01 01:03:13 +01:00
Daniel Golle
b85646f32f netifd: update to latest git HEAD
f429bd94f99e system-linux: switch to new ETHTOOL_xLINKSETTINGS API

Fixes AN announcement for speeds beyond 1 GBit/s.
Adds new UCI options for Ethernet devices:
 - autoneg: switch on or off auto-negotiation
 - pause: if set to 0, do not announce symmetric flow control capability
 - asym_pause: if set to 0, do not announce asymmetric flow control
               capability.
 - rxpause: if set overrides AN and forces RX pause accordingly
 - txpause: if set overrides AN and forces TX pause accordingly

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-08-31 21:54:40 +01:00
Felix Fietkau
560965d582 hostapd: select libopenssl-legacy for openssl variants
Without it, a lot of authentication modes fail without obvious error messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:12:25 +02:00
Felix Fietkau
b0501d380f hostapd: remove eap-eap192 auth type value
It is no longer used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00
Felix Fietkau
8c03dc962f netifd: update to the latest version
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support

Support the following values for the different WPA3 Enterprise modes:

- wpa3-mixed: WPA3 Enterprise transitional mode
	This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
	This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
	This uses only GCMP-256 ciphers

Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00
Felix Fietkau
b63df6ce5d hostapd: support eap-eap2 and eap2 auth_type values
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00
Felix Fietkau
f0d1349b52 hostapd: fix FILS key mgmt type for WPA3 Enterprise 192 bit
Use the SHA384 variant to account for longer keys with more security

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00
Felix Fietkau
99a98b3024 mac80211: remove non-upstream antenna gain configuration patch
It seems that this was not functioning properly and was likely completely unused.
Keeping this out of tree also introduced some annoying churn when updating, because
of the iw nl80211.h sync patch.
If this is needed, it will be reintroduced when/if it is added upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-30 12:28:30 +02:00
Felix Fietkau
22ca6fdeeb hostapd: fix bringing up AP+STA when the new channel is on a DFS channel
If a CAC is needed because the channel is not available yet, a full AP
interface restart is needed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-24 18:29:36 +02:00
Felix Fietkau
f3eb998e7e hostapd: in AP/STA, shut down AP interfaces when STA enters scanning state
When the STA is brought up, it is set to DISABLED before adding the bss to ucode,
so the first trigger to disable the AP is missed.

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-23 19:05:47 +02:00
Felix Fietkau
aa5f2cb63c hostapd: remove obsolete patch
It was only needed when hostapd was being started with one instance per PHY

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-23 19:05:46 +02:00
David Bauer
c46df4f1e2 hostapd: allow reduced neighbor report configuration
Reduced neighbor reports can be enabled by setting the "rnr" uci option
to 1.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-08-22 13:37:27 +02:00
Stijn Tintel
324673914d hostapd: revert upstream commit to fix #13156
Commit e978072baaca ("Do prune_association only after the STA is
authorized") causes issues when an STA roams from one interface to
another interface on the same PHY. The mt7915 driver is not able to
handle this properly. While the commits fixes a DoS, there are other
devices and drivers with the same limitation, so revert to the orginal
behavior for now, until we have a better solution in place.

Fixes: #13156
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-08-18 23:45:16 +02:00
Felix Fietkau
a61fd0f0bb hostapd: fix bringing up mesh without supplicant when mcast rate is specified
The iw command expects a specific command line argument

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-17 17:44:59 +02:00
Felix Fietkau
09fd59938b netifd: update to the latest version
4711f74479e2 netifd: fix disabling radio via config if reconf is being used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-17 17:14:59 +02:00
Felix Fietkau
a0a5b97674 hostapd: do not store data in object prototype
It cannot be properly cloned, since it is attached to the resource type.
Use a separate registry for data. Fixes object confusion issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-12 08:42:12 +02:00
Felix Fietkau
f1c4751ba6 hostapd: restart wifi when the bssid of the first interface changes
Full restart is necessary, since the bss wdev is not re-created

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-11 23:29:22 +02:00
Felix Fietkau
c1600df91f hostapd: shut down client mode on the same phy while restarting AP
An active client mode interface could prevent the AP from claiming its channel
and mess up the bringup sequence order

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-11 23:29:22 +02:00
Felix Fietkau
c5988f4c01 hostapd: fix center frequency calculation for channel 149 and above
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-11 15:43:43 +02:00
Felix Fietkau
9c2c6d19f3 hostapd: add missing #ifdef for non-802.11ax builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-11 07:10:23 +02:00
Felix Fietkau
847984c773 hostapd: reimplement AP/STA support via ucode
Drop obsolete control interface patches.
This fixes some corner cases in the previous code where the segment 0 center
frequency was not adjusted properly, leading to logspam and non-working AP
interfaces.
Additionally, shutting down the AP was broken, because the next beacon update
would re-enable it, leading to a race condition on assoc.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-10 22:33:00 +02:00
Felix Fietkau
ed0ad7759c hostapd: remove config_id parameters from hostapd.conf
They are no longer used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-10 22:27:59 +02:00
Felix Fietkau
fe8bf65d1d hostapd: add missing ucv_get call in wpa_supplicant
Should be harmless, but fix it just in case

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-10 19:09:42 +02:00
Felix Fietkau
6cb8bb1675 hostapd: clone prototypes of ucode bss/interface objects
Fixes an issue where lookup would return different objects than the ones intended

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-10 19:09:42 +02:00
Felix Fietkau
d198c77764 hostapd: fix typo in ssid variable for non-supplicant mesh interface bringup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-09 10:51:46 +02:00
Felix Fietkau
9b56c27a8a hostapd: add extra sanity checks for config reload
Avoid getting stuck because of bad configurations

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-08 20:11:43 +02:00
Felix Fietkau
5ae3b195a1 hostapd: fix bss color CCA issue with multiple wifi interfaces
Fixes this error: hostapd: nl80211: kernel reports: integer out of range

Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-07 22:02:57 +02:00
Felix Fietkau
b8be20c7e8 hostapd: fix unused device removal on DBDC devices
Check the phy before removing unrelated netdevs on the same hw device

Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-03 18:51:00 +02:00
Stijn Tintel
15acde674c xdp-tools: disable stack protector for BPF programs
When building xdp-tools with CONFIG_USE_LLVM_HOST=y, on a host that
enabled stack protector by default in Clang, compilation fails with the
following error:

    CLANG    xdp-dispatcher.o
clang-16: error: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpfeb' [-Werror,-Woption-ignored]

Add -fno-stack-protector to BPF_CFLAGS to fix this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-08-03 17:39:39 +03:00
Felix Fietkau
150e6d28f2 hostapd: fix undeclared variable in common.uc
Fixes: https://github.com/openwrt/openwrt/issues/13210
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-02 13:30:26 +02:00
Felix Fietkau
4a4e0c636f hostapd: fix mesh supplicant build error
Include AP ucode source file

Fixes: e56c5f7b27 ("hostapd: add ucode support, use ucode for the main ubus object")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-01 13:43:56 +02:00
Felix Fietkau
11bf820124 netifd: update to the latest version
8c2758b4fbbb wireless: add support for replacing data blobs at runtime
0ff22a6a68ce wireless: enable dynamic reconfiguration by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-01 10:08:14 +02:00
Felix Fietkau
e56c5f7b27 hostapd: add ucode support, use ucode for the main ubus object
This implements vastly improved dynamic configuration reload support.
It can handle configuration changes on individual wifi interfaces, as well
as adding/removing interfaces.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-01 10:08:03 +02:00
Felix Fietkau
33e4ad767e hostapd: switch to using uloop (integrated with built-in eloop)
Preparation for pulling in more code that uses uloop

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-01 10:06:29 +02:00
Felix Fietkau
9769655d1b hostapd: add support for querying assoc/probe IEs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-01 10:06:28 +02:00
Felix Fietkau
57fbbf15cd hostapd: add experimental radius server
This can be used to run a standalone EAP server that can be used from
other APs. It uses json as user database format and can automatically
handle reload.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-01 10:05:13 +02:00
Etienne Champetier
6ac61dead9 dropbear: add ed25519 for failsafe key
At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...

Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2023-07-26 14:00:01 +02:00
Nick Hainke
cd82fc2235 iproute2: update 6.4
Release Notes:
https://lore.kernel.org/lkml/20230626093137.2f302acc@hermes.local/t/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-07-19 15:25:57 +02:00
Nick Hainke
2ef79b536b ethtool: update to 6.4
ChangeLog:
125b080 Release version 6.4.
5660918 update UAPI header copies
f493e63 netlink: fix duplex setting
b3e341c cmis: report LOL / LOS / Tx Fault
045d8db sff-8636: report LOL / LOS / Tx Fault
a6505f3 drop checks for macros provided in UAPI header copies
86c0c41 do not check for strtol() function
dd8e3ae actually check for C11 compiler
43e4d30 add local copies of macros from autoconf-archive
faa4700 drop check for big endian types
31b7b5e Require a compiler with support for C11 features
946d18b update UAPI header copies
eebf01f ethtool: Add support for configuring tx-push-buf-len
2782ea8 update UAPI header copies

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-07-19 15:25:49 +02:00
Nick Hainke
58c498247b nftables: update to 1.0.8
ChangeLog:
https://www.netfilter.org/projects/nftables/files/changes-nftables-1.0.8.txt

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-07-18 14:37:19 +02:00
Felix Fietkau
adfeda8491 hostapd: add fix for dealing with VHT 160 MHz via ext nss bw
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-07-14 10:09:34 +02:00
Andre Heider
cd804c1ebb hostapd: update to 2023-06-22
Removed, merged upstream:
- 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch

Manually refreshed:
- 040-mesh-allow-processing-authentication-frames-in-block.patch
- 600-ubus_support.patch
- 761-shared_das_port.patch

Fixes: #12661
Fixes: 304423a4 ("hostapd: update to 2023-03-29")
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-07-07 14:26:58 +02:00
Felix Fietkau
531fea72ad netifd: update to the latest version
e94f7a81a039 bridge: fix config reload on 32 bit systems

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-07-03 11:53:37 +02:00
Hauke Mehrtens
a226153067 iwinfo: update to latest git HEAD
d1f07cf devices: add device id for Atheros AR9287 and AR9380
65ea345 nl80211: constify a few arrays
ca79f64 lib: report byte counters as 64 bit values

This contains an ABI change, increase the ABI version too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-07-01 12:10:41 +02:00
Felix Fietkau
81f667513a netifd: update to the latest version
493e1589bc8b bridge: fix coverity false positive report
03a619947717 bridge: add support for configuring extra vlans for the bridge itself
4bea6d21a9ab wireless: fix changing reconf/serialize options in configuration
255b4d5c472e wireless: fix handling config reload with reconf=1
1ab992a74b43 wireless: fix another reconf issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-06-29 12:54:38 +02:00
Hauke Mehrtens
7a6f6b8126 uhttpd: update to latest git HEAD
34a8a74 uhttpd/file: fix string out of buffer range on uh_defer_script

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-06-25 22:48:55 +02:00
Christian Marangi
acd9981b4e
odhcpd: bump to latest git HEAD
5211264 odhcpd: add support for dhcpv6_pd_min_len parameter
c6bff6f router: Add PREF64 (RFC 8781) support

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-06-24 19:09:14 +02:00
Felix Fietkau
45176e81c6 netifd: update to the latest version
1571e18e4a69 bridge: add support for configuring extra tagged vlans on member devices
b719f189f243 bridge: make hotplug-added vlans default to tagged
edf3aced9f9a bridge: add support for adding vlan ranges via hotplug

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-06-23 13:57:44 +02:00
Felix Fietkau
68ef2d1856 netifd: update to the latest version
077e05f2b129 vlan/vlandev: pass through extra vlan information passed via hotplug
40fad91eb5be wireless: add network_vlan config attribute

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-06-22 15:58:44 +02:00
Stijn Tintel
b57703264f hostapd: add UCI option for Multiple BSSID
Add an UCI option to enable Multiple BSSID Advertisement. Enabling this
will announce all BSSIDS on a phy in a single beacon frame. The
interface that is brought up first will be the transmitting profile, all
others are non-transmitting profiles and will be advertised in the
Multiple BSSID element in Beacon and Probe Response frames of the first
interface.

This depends on driver and client support. Enabling this will result in
all but the first interface not being visible at all for clients that do
not support it.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-06-16 02:42:04 +03:00
Christian Marangi
8c1bd9b6a5
ppp: backport patches improving ppp interface creation
Backport patches improving ppp interface creation. As a side effect this
also fix a bug from using netdev trigger that suffer from LED state
wrongly set due to using old ioctl for ppp creation.

Tested-by: Csaba Sipos <metro4@freemail.hu>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-06-14 05:40:26 +02:00
Christian Marangi
0a1ee53235
restool: update source.codeaurora.org repository link
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-06-11 15:22:49 +02:00
Lech Perczak
a9237c1af9 uqmi: do not start 464xlat for dual-stack configurations
If dual-stack configuration is in use, and dhcpv6 option is set, do not start
464xlat sub-interface for dhcpv6 sub-interace , as the configuration already
provides IPv4 connectivty, be it through single or dual APN configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-06-11 18:26:41 +02:00
Lech Perczak
48e8bf1b8f uqmi: support split-APN IPv4 and IPv6 dual-stack
Add two new "v6apn" and "v6profile" properties, to support split-APN
dual-stack onfiguration. This extends the existing ipv4v6 PDP type,
allowing simultaneous connection to two distinct APNs,
one for IPv4 and one for IPv6.
The parameters override existing 'apn' and 'profile' respectively,
if set, but only for IPv6 part of the connection.
If unset, they default to their original values, constituting a standard
IPv4v6 setup.

If a different APN is set for IPv6, a corresponding profile MUST also be
configured, with a different ID, than the IPv4 profile, for example,
profile 2.
Both APNs must match ones configured through QMI or through 'AT+CGDCONT'
command.

Example configuration in UCI:

config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option autoconnect '1'
        option pdptype 'ipv4v6'
        option apn 'internet'
        option v6apn 'internetipv6'
	option profile '1'
	option v6profile '2'

Corresponding profile configuration:
AT+CGDCONT?
+CGDCONT: 1,"IP","internet","0.0.0.0",0,0,0,0
+CGDCONT: 2,"IPV6","internetipv6","0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0",0,0,0,0

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-06-11 18:26:41 +02:00
nichel Chen
2b0b28f479
swconfig: fix memory leak when cli call swlib_get_attr()
The cli is a one-time run, and memory leaks would have been irrelevant. But people call libsw with cli programs as samples.
Doing a good job of memory management calls means that people who call libsw are not so easy to make mistakes.

Signed-off-by: nichel Chen <nichelnich@gmail.com>
2023-06-11 02:42:31 +02:00
Felix Fietkau
20ce21866e netifd: update to the latest version
ec9dba721245 system-linux: fix memory leak in system_bridge_vlan_check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-06-04 18:37:29 +02:00
Felix Fietkau
7b1e898336 unetd: update to the latest version
412d03012f13 network: prevent adding endpoint routes for addresses on the network
faaf9cee6ef4 utils: fix ipv4 checksum issue
0e1c2fad3540 pex-msg: fix memory leak on fread fail in pex_msg_update_request_init
51be0ed659d0 host: fix crash parsing gateway when no endpoint is specified
ca17601dc24e wg-linux: add support for splitting netlink messages for allowed ips
7d3986b7a5a2 wg-linux: increase default messages size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-06-04 16:54:52 +02:00
Hauke Mehrtens
21f713d5ab netifd: Fix PKG_MIRROR_HASH
Fix the PKG_MIRROR_HASH value for netifd.

Fixes: d2ecaaca34 ("netifd: update to version 2023-05-31")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-06-03 14:40:03 +02:00
Petr Štetiar
d2ecaaca34
netifd: update to version 2023-05-31
Contains following changes:

 * bridge: bridge_dump_info: add dumping of bridge attributes
 * bridge: make it more clear why the config was applied
 * cmake: fix build by reordering the cflags definitions
 * treewide: fix multiple compiler warnings

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-05-31 19:13:38 +02:00
Felix Fietkau
67e8cc07f9 hostapd: remove unused legacy wireless extension support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-05-26 13:33:45 +02:00
Tony Ambardar
afe1bf11f2 bpftools: update, split off bpftool and libbpf packages
My original bpftools package made "variant" builds of bpftool and libbpf
as a convenience, since both used the same local kernel sources with the
same versioning. This is no longer the case, since the commit below
switched to using an out-of-tree build mirror hosting repos for each.

Replace bpftools with separate bpftool and libbpf packages, each simplified
and correctly versioned. Also fix the broken libbpf ABI introduced in the
same commit. Existing build .config files are not impacted.

Fixes: 00cbf6f6ab ("bpftools: update to standalone bpftools + libbpf, use the latest version")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-05-24 21:17:20 +02:00
Nick Hainke
17fbbafdcb lldpd: update to 1.0.17
Release Notes:
https://github.com/lldpd/lldpd/releases/tag/1.0.17

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-22 18:48:36 +02:00
Nozomi Miyamori
d728d05c6c dropbear: add ForceCommand uci option
adds ForceCommand option. If the command is specified,
it forces users to execute the command when they log in.

Signed-off-by: Nozomi Miyamori <inspc43313@yahoo.co.jp>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 23:24:50 +02:00
Mark Baker
ce81896769 umdns: Update to umdns HEAD
Update to umdns HEAD to include latest enhancements for browse method
filtering, return of TXT records as an array, dumping IPv4/6 as an
array, and including the interface name in a browse reply.

Signed-off-by: Mark Baker <mark@vpost.net>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> #ipq807x, mt7621, x86_64
2023-05-18 18:07:17 +02:00
Arınç ÜNAL
c42847989e comgt-ncm: add support for UNISOC SL8563 based TOZED TL70-C
TOZED TL70-C is an LTE CAT6 cellular modem based on UNISOC SL8563. UNISOC
was formerly called Spreadtrum hence the manufacturer name detected on the
modem is spreadtrum.

The connect and disconnect commands bring up and down the usb0 interface.
They are Base64 encoded as that's what the AT command accepts. The modem
can do up to 4 APNs by bringing the USB interfaces, usb0 to usb3, up.

Setting the USB interfaces up:

connmanctl ndisdial AT^NDISDUN="usb0",1,1
connmanctl ndisdial AT^NDISDUN="usb1",1,2
connmanctl ndisdial AT^NDISDUN="usb2",1,3
connmanctl ndisdial AT^NDISDUN="usb3",1,4

Setting the USB interfaces down:

connmanctl ndisdial AT^NDISDUN="usb0",0,1
connmanctl ndisdial AT^NDISDUN="usb1",0,2
connmanctl ndisdial AT^NDISDUN="usb2",0,3
connmanctl ndisdial AT^NDISDUN="usb3",0,4

Co-developed-by: Andre Cruz <me@1conan.com>
Signed-off-by: Andre Cruz <me@1conan.com>
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
2023-05-18 14:44:07 +02:00
Joe Cooper
51302e51b5 wwan: add Medion S4222 usb lte stick
add description for medion usb lte webstick

Signed-off-by: Joe Cooper <highjagger+github@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-05-18 14:32:04 +02:00
Tianling Shen
48ed07bc0b treewide: replace AUTORELEASE with real PKG_RELEASE
Based on Paul Fertser <fercerpav@gmail.com>'s guidance:
Change AUTORELEASE in rules.mk to:
```
AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
```

then update all affected packages by:
```
for i in $(git grep -l PKG_RELEASE:=.*AUTORELEASE | sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
	make package/$i/clean
done
```

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-05-18 11:35:29 +02:00
David Bauer
3d7830d902 iwinfo: update to latest HEAD
c9f5c3f devices: add MediaTek MT7981 WMAC compatible
b3888b2 devices: add compatible strings for Ralink WiSoCs

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-05-18 01:44:41 +02:00
Nick Hainke
22ff416483 ethtool: update to 6.3
Release Notes:
https://lore.kernel.org/netdev/20230508213111.z4vjg6gyrm7nwz4r@lion.mk-sys.cz/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-15 15:24:45 +02:00
Felix Fietkau
4e5aac4729 bridger: update to the latest version
d4f56f0e6971 add support for handling traffic to/from the bridge device
3ea579064c00 nl: add separate socket for netlink commands
4ec5a51c6d01 nl: fetch packet stats for offloaded flows
0319fd080bf5 add support for configuring a fixed output port for a bridge member port
5b730f0c2cf5 bridger-bpf: fix build on older kernels
00af6c6e8350 nl: process IFLA_MASTER in any nl events, but skip wireless events
a2794f95756e bridger-bpf: add bpf_skb_pull_data call
6974093eb036 nl: rework vlan code to use the iflink API
d0f79a16c749 nl: do not attempt to enable flow offload on older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-05-12 21:18:31 +02:00
Pacien TRAN-GIRARD
d5182de637
odhcp6c: add skpriority option
Allowing the (kernel) packet priority to be set through UCI.

This makes it straightforward to set some VLAN priority for DHCP
requests through a simple egress qos map. (Avoiding the need for
firewall matching and marking through iptables, which prevents using
flow offloading).

(Such priority tag is a hard requirement for some ISPs, such as Orange
in France).

Depends on: https://github.com/openwrt/odhcp6c/pull/74

Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
2023-05-12 13:19:50 +02:00
Christian Marangi
dbc34a8e36
odhcp6c: bump to latest git HEAD
bcd2836 odhcp6c: add -K option to set packet kernel priority

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-05-12 13:15:55 +02:00
Lech Perczak
1108f6cb8b umbim: allow forcing DHCP/DHCPv6 configuration
To support the widest variety of modems, allow restoring previous
behaviour of configuring the link throug means of DHCP(v6) exclusively.
Change the default value of "dhcp" and "dhcpv6" UCI options to "auto",
while keeping the default behaviour of "prefer out-of-band configuration",
intact. Setting "dhcp" or "dhcpv6" to boolean 1 will now force using
DHCP and DHCPv6, respectively.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-05-07 14:36:58 +02:00
Nick Hainke
12b96757e5 iproute2: update to 6.3.0
Release Notes:
https://lore.kernel.org/netdev/20230427090253.7a92616b@hermes.local/T/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-07 14:31:58 +02:00
Lech Perczak
d256ab7309 umbim: include MBIM-provided DNS servers also with DHCP mode
In MBIM interfaces, DNS servers may be provided out-of-band regardless
whether DHCP is used for configuration, or not. Move the DNS
configuration outside "if" blocks to support that.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
aa7873a9e6 umbim: extract common code from static and dhcp(v6) setup procedure
Beginnings and endings of sub-interface creation procedure were
literally duplicates - extract them outside if "if" blocks

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
e4db21b413 umbim: handle MTU configuration
Allow setting interface MTU through UCI. If this is not set,
use MBIM-provided MTU, if provided through control channel.
If separate MTUs are provided for IPv4 and IPv6, apply larger of them.
This is very unlikely and possible only for IPv4v6 dual-stack configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
2bfbc2dbd8 umbim: delegate RFC7278 IPv6 prefixes from OOB config
Delegate prefixes received through MBIM control channel the same way, as
would be done through DHCP, according to RFC7278.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
9808b09b91 umbim: drop IP configuration parsing using 'eval'
Finally, when new helper is in use, drop old IP configuration parser.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
c13a1b412b umbim: support multiple-valued configuration fields
MBIM supports multiple values for IP address and DNS server, and such
configuration is available through output of MBIM. Use new helper
method to support adding multiple addresses and DNS servers to static
interfaces for both IPv4 and IPv6.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
f01fff63fb umbim: add "_proto_mbim_get_field" helper
Add a new helper to extract IP configuration from umbim output. This is
required to extract fields which can possibly have multiple values,
namely IP addresses and DNS servers, and get rid of primitive parser
using 'eval' builtin without support for this.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
5f873df8d4 umbim: log output of 'config' step
Display full configuration obtained using MBIM control channel in the
log, from umbim output verbatim, for easier troubleshooting, and in
preparation for parser refactoring.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
9ddbcd73d8 umbim: pass ipXtable to child interfaces
Inspired by commti e51aa699f7, allow setting specific routing tables
via ip4table and ip6table options, by passing them on child interfaces
created by MBIM protocol handler.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
e2655e0a6b umbim: respect 'Enable IPv6 negotiation' option
Don't bring IPv6 part of interface up if it's disabled,
or system does not support it.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
ca8df8a992 umbim: use static config by default, fallback to DHCP
Finally, inspired by ModemManager's logic, make static configuration
obtained through MBIM control channel, preferred.
If IP configuration is not available this way, fallback to DHCP(v6) if
enabled, else do not create a sub-interface for unavailable IP type.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
464d81fe4a umbim: separate DHCPv6 configuration from DHCP(v4)
Now, that sub-interface setup is split by IP type, and separate checks
are performed for DHCP selection, it is possible to control DHCP on v4
an v6 sub-interfaces instantly. Add "dhcpv6" variable, akin to QMI
option, to control behaviour of DHCPv6 separately from IPv4 option,
which is required for some mobile operators.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
03692dee73 umbim: restructure IPv4/IPv6 handling
Check whether interface is configured per IP type, not per DHCP. This is
preparation to allow fallback to DHCP if static IP configuration is not
available, which is the default option for MBIM modems

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
c1e0d07744 umbim: inherit firewall zone membership from parent interface
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.
Inspired by 64bb88841f.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
c84bf89b3a umbim: inherit "peerdns" option from parent interface
MBIM protocol handler should intherit "peerdns" options from parent
interface on sub-interfaces, otherwise upstream DNS servers are applied
regardless of configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
9bb4b9a968 umbim: use IP configuration provided by MBIM by default
Previously, DHCP was used. According to MBIM Specification v1.0 errata 1 [1],
section 10.5.20, MBIM_CID_IP_CONFIGURATION,
if MBIM information element containing IP configuration is available,
host shall use it, and fall back to in-band mechanisms to acquire it therwise -
therefore make static configuration the default.

[1] https://www.usb.org/document-library/mobile-broadband-interface-model-v10-errata-1-and-adopters-agreement

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
356a6f0eee umbim: detect actual connection IP type
Current implementation needlessly creates both IPv4 and IPv6
sub-interfaces for single-stack IP types. Limit this only to selected IP
type. While at that, ensure that IP type is also passed to umbim during
"connect" phase. In addition, detect the actual established connection
type returned by umbim and set up subinterfaces according to that,
not to requested configuration. While at that, allow empty IP type explicitly,
interpreted as "any" according to MBIM specification.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
da84eddedb umbim: fail connect step immediately
Subsequent calls to 'umbim connect' do not have any effect if a failure
occured, and in such case an infinite loop without timeout is created,
leading to possibility of interface stuck at connecting forever.
Drop this loop, and issue MBIM disconnect properly, so netifd can
restart from scratch.
This issue can be observed with Sierra EM7455 at changing APN, which
causes network re-registration by default, and a MBIM transaction
timeout, which is resolved on next interface bringup by netifd.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
0be14c622b umbim: connect session for only the selected PDP type
Previous implementation automatically set up connections for both IPv4
and IPv6, even if one of them isn't supported. Respect the "pdptype"
option in the same way, as it is done for QMI or NCM, and only start the
respective PDN sessions, if set.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Martin Schiller
512bb17f3e umbim: add support for non-dhcp mode
There are mbim compatible wwan modules available which do not support
the dhcp autoconfiguration. (e.g. gemalto Cinterion ELS81)

This adds the possibility to get the configuration parameters from mbim.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Nick Hainke
304423a4ff
hostapd: update to 2023-03-29
Add patches:
- 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch

Remove upstreamed:
- 170-DPP-fix-memleak-of-intro.peer_key.patch
- 461-driver_nl80211-use-new-parameters-during-ibss-join.patch
- 800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch
- 992-openssl-include-rsa.patch

Automatically refreshed:
- 011-mesh-use-deterministic-channel-on-channel-switch.patch
- 021-fix-sta-add-after-previous-connection.patch
- 022-hostapd-fix-use-of-uninitialized-stack-variables.patch
- 030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
- 040-mesh-allow-processing-authentication-frames-in-block.patch
- 050-build_fix.patch
- 110-mbedtls-TLS-crypto-option-initial-port.patch
- 120-mbedtls-fips186_2_prf.patch
- 140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
- 150-add-NULL-checks-encountered-during-tests-hwsim.patch
- 160-dpp_pkex-EC-point-mul-w-value-prime.patch
- 200-multicall.patch
- 300-noscan.patch
- 310-rescan_immediately.patch
- 330-nl80211_fix_set_freq.patch
- 341-mesh-ctrl-iface-channel-switch.patch
- 360-ctrl_iface_reload.patch
- 381-hostapd_cli_UNKNOWN-COMMAND.patch
- 390-wpa_ie_cap_workaround.patch
- 410-limit_debug_messages.patch
- 420-indicate-features.patch
- 430-hostapd_cli_ifdef.patch
- 450-scan_wait.patch
- 460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
- 463-add-mcast_rate-to-11s.patch
- 465-hostapd-config-support-random-BSS-color.patch
- 500-lto-jobserver-support.patch
- 590-rrm-wnm-statistics.patch
- 710-vlan_no_bridge.patch
- 720-iface_max_num_sta.patch
- 730-ft_iface.patch
- 750-qos_map_set_without_interworking.patch
- 751-qos_map_ignore_when_unsupported.patch
- 760-dynamic_own_ip.patch
- 761-shared_das_port.patch
- 990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch

Manually refresh:
- 010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
- 301-mesh-noscan.patch
- 340-reload_freq_change.patch
- 350-nl80211_del_beacon_bss.patch
- 370-ap_sta_support.patch
- 380-disable_ctrl_iface_mib.patch
- 464-fix-mesh-obss-check.patch
- 470-survey_data_fallback.patch
- 600-ubus_support.patch
- 700-wifi-reload.patch
- 711-wds_bridge_force.patch
- 740-snoop_iface.patch

Tested-by: Packet Please <pktpls@systemli.org> [Fritzbox 4040 (ipq40xx),
           EAP225-Outdoor (ath79); 802.11s, WPA3 OWE, and WPA3 PSK]
Tested-by: Andrew Sim <andrewsimz@gmail.com> [mediatek/filogic]
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-22 23:18:15 +02:00
Felix Fietkau
10eb3fa35a netifd: update to the latest version
7de5440a520f device: fix segfault when recreating devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-04-17 13:14:43 +02:00
Nick Hainke
36c30bee5e tcpdump: update to 4.99.4
Fixes CVE-2023-1801.

Changelog can be found here:
https://git.tcpdump.org/tcpdump/blob/55bc126b0216cfe409b8d6bd378f65679d136ddf:/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-17 15:32:48 +08:00
Christian Marangi
75f7e2d10b
odhcpd: bump to latest git HEAD
40ab806 config: use dedicated link local function to check interface
a84bff2 netlink: add support for getting interface linklocal
2ea065f Revert "config: recheck have_link_local on interface reload if already init"
4b38e6b config: fix feature for enabling service only when interface RUNNING

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-04 06:43:23 +02:00
Lech Perczak
90603d443f uqmi: explicitly disconnect IPv6 address family
Some modems (namely, Telit LE910C4) require the IPv6 connection state to
be cleared explicitly, to avoid reporting "no effect" if IPv6
connection is already connected through autoconnect mechanism, or during
LTE default bearer attach, which would lead to established session, but
without a way to inform protocol handler of the status.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-02 18:54:39 +02:00
Lech Perczak
8c445d56f1 uqmi: set IPv6 family explicitly in status check
Some modems require CID to be set explicitly during IPv6 connection
status check, others require IPv6 address family to be checked explicitly
after establishing connection, in order to provide correct status.
Set both fields in the request to satisfy them.

Fixes: c8a88118af ("uqmi: set CID during 'query-data-status' operation")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-02 18:54:39 +02:00
Andrey Erokhin
506bb436c6 netifd: strip mask from IP address in DHCP client params
ipaddr option can be in CIDR notation,
but udhcp wants just an IP address

Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
2023-04-01 22:40:35 +02:00
Ian Dall
ed86454578 dnsmasq: configure dynamic dhcp6 and dhcp4 independently
Given ipv6 has SLAAC it is quite plausible to wish to use dynamic
dhcp4 but static dhcp6. This patch keeps dynamicdhcp as the default
option for both, but is overridden by dynamicdhcpv6 or dynamicdhcpv4

Signed-off-by: Ian Dall <ian@beware.dropbear.id.au>
2023-04-01 22:35:13 +02:00
Ruben Jenster
936df715de dnsmasq: add dhcphostsfile to ujail sandbox
The dhcphostsfile must be mounted into the (ujail) sandbox.
The file can not be accessed without this mount.

Signed-off-by: Ruben Jenster <rjenster@gmail.com>
2023-04-01 22:22:49 +02:00