Commit Graph

3632 Commits

Author SHA1 Message Date
Nick Lowe
e8d048c5e0 hostapd: SAE - Enable hunting-and-pecking and H2E
Enable both the hunting-and-pecking loop and hash-to-element mechanisms
by default in OpenWRT with SAE.

Commercial Wi-Fi solutions increasingly frequently now ship with both
hunting-and-pecking and hash-to-element (H2E) enabled by default as this
is more secure and more performant than offering hunting-and-pecking
alone for H2E capable clients.

The hunting and pecking loop mechanism is inherently fragile and prone to
timing-based side channels in its design and is more computationally
intensive to perform. Hash-to-element (H2E) is its long-term
replacement to address these concerns.

For clients that only support the hunting-and-pecking loop mechanism,
this is still available to use by default.

For clients that in addition support, or were to require, the
hash-to-element (H2E) mechanism, this is then available for use.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2022-02-24 18:04:05 +01:00
Felix Fietkau
cbfce92367 qosify: update to the latest version
65b42032063f interface: add missing autorate-ingress options

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-20 18:13:14 +01:00
Petr Štetiar
d8bf730fe0 netifd: bump to version 2022-02-20
Contains following changes:

 136006b88826 cmake: fix usage of implicit library and include paths
 bc0e84d689e2 netifd: interface-ip: don't set fib6 policies if ipv6 disabled

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-20 10:52:55 +01:00
Eneas U de Queiroz
e6df13d0e1 hostapd: fallback to psk when generating r0kh/r1kh
The 80211r r0kh and r1kh defaults are generated from the md5sum of
"$mobility_domain/$auth_secret".  auth_secret is only set when using EAP
authentication, but the default key is used for SAE/PSK as well.  In
this case,  auth_secret is empty, and the default value of the key can
be computed from the SSID alone.

Fallback to using $key when auth_secret is empty.  While at it, rename
the variable holding the generated key from 'key' to 'ft_key', to avoid
clobbering the PSK.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[make ft_key local]
Signed-off-by: David Bauer <mail@david-bauer.net>
2022-02-19 16:14:52 +01:00
David Bauer
6f78723977 hostapd: add STA extended capabilities to get_clients
Add the STAs extended capabilities to the ubus STA information. This
way, external daemons can be made aware of a STAs capabilities.

This field is of an array type and contains 0 or more bytes of a STAs
advertised extended capabilities.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-02-19 16:14:45 +01:00
Hauke Mehrtens
8f5875c4e2 tcpdump: Fix CVE-2018-16301
This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-12 23:22:05 +01:00
Jo-Philipp Wich
0d1220acdf firewall4: update to latest Git HEAD
53caa1a fw4: resolve zone layer 2 devices for hw flow offloading
9fe58f5 fw4: rework and fix family inheritance logic
8795296 tests: mocklib: fix infinite recursion in wrapped print()
281b1bc tests: change mocked wan interface type to PPPoE
93b710d tests: mocklib: forward compatibility change
1a94915 fw4: only stage reflection rules if all required addrs are known
5c21714 fw4: add device iifname/oifname matches to DSCP and MARK rules
3eacc97 tests: adjust 01_ruleset test case to latest changes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-12 20:51:22 +01:00
Felix Fietkau
8072bf3322 qosify: update to the latest version
e230e71e0a12 map: fix copy-paste error in codepoints map
580d2ccf89f3 bpf: declare tcp_ports/udp_ports without typedef
8d6c19a81f3f ubus: fix a use-after-free bug

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-10 21:08:09 +01:00
Leonardo Mörlein
5406684087 wireguard-tools: allow generating private_key
When the uci configuration is created automatically during a very early
stage, where no entropy daemon is set up, generating the key directly is
not an option. Therefore we allow to set the private_key to "generate"
and generate the private key directly before the interface is taken up.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-02-08 12:52:14 +01:00
David Bauer
04ed224543 hostapd: refresh patches
Refresh patches after updating to hostapd v2.10.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-02-08 00:21:41 +01:00
David Bauer
adb8c09a83 hostapd: update to v2.10
Upstreamed patches:
020-mesh-make-forwarding-configurable.patch
e6db1bc5da3fd7d5f4dba24aa102543b4749912f
550-WNM-allow-specifying-dialog-token.patch
979f19716539362f8ce60a77bf1b88fdcf5ba8e5
720-ACS-fix-channel-100-frequency.patch
2341585c349231af00cdef8d51458df01bc6965f
741-proxyarp-fix-compilation-with-Hotspot-2.0-disabled.patch
08bdf4f90de61a84ed8f4dd918272dd9d36e2e1f

Compile-tested: wpad-wolfssl hostapd-openssl
Run-tested: ath79-generic

Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-08 00:21:27 +01:00
Jo-Philipp Wich
ae75541594 firewall4: update to latest Git HEAD
a0518b6 fw4: gracefully handle unsupported hardware offloading
ac99eba init: fix boot action in init script

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 23:36:06 +01:00
Felix Fietkau
46e0eeb760 hostapd: automatically calculate channel center freq on chan_switch
Simplifies switching to different channels when on >= VHT80

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-07 17:01:18 +01:00
Jo-Philipp Wich
881a059977 uhttpd: update to latest Git HEAD
2f8b136 main: fix leaking -p/-s argument values
881fd3b ucode: adjust to latest ucode api
8b2868e file: specify UTF-8 as charset for dirlists, add option to override
3a5bd84 main: add ucode options to help text
16aa142 examples: add ucode handler example
3ceccd0 ucode: add ucode plugin support
f0f1406 examples: add example Lua handler script
9e87095 listen: avoid invalid memory access

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
2dd6777f15 firewall4: update to latest Git HEAD
b54f462 fw4: parse traffic rules before forwarding rules
4d5af8b fw4: consolidate helper code
300c737 fw4: fix applying zone family restrictions to forwardings
eb9c25a tests: implement fs.opendir() mock interface
d30ff48 tests: fix mocked fs.popen() trace log
52831a0 fw4: improve flowtable handling
7cb10c8 fw4: disable "flow_offloading_hw" option for now
b2241a1 fw4: fix enabling NAT reflection rules for DNATs without explicit family

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Jo-Philipp Wich
3b1692c463 netifd: update to latest Git HEAD
fd4c9e1 system-linux: expose hw-tc-offload ethtool feature in device status dump
3d76f2e system-linux: add wrapper function for creating link config messages
88af2f1 system-linux: delete bridge devices using netlink
85c3548 system-linux: create bridge devices using netlink

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Felix Fietkau
03ea0405a6 mac80211: backport MBSSID/EMA support patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-02-03 15:16:47 +01:00
Etienne Champetier
0e32c6baf3 iptables: add ip{,6}tables-legacy{,-restore,-save} symlinks
Now that we can have both legacy and nft iptables variants
installed at the same time, install the legacy symlinks

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
3a5df36cf6 iptables: use ALTERNATIVES for ip(6)tables(-nft)
As nftables is now the default, ip(6)tables-nft gets higher priority

The removed symlinks ("$(CP)" line) will now be installed by the
ALTERNATIVES mechanism

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
b0bd6599e8 iptables: rework ip(6)tables-nft dependencies
according to iptables-nft man page,
"These tools use the libxtables framework extensions and hook to the nf_tables
kernel subsystem using the nft_compat module."

This means that to work, iptables-nft needs the same modules as
iptables legacy except the ip(6)table-{filter,mangle,nat,raw}
ip_tables, ip6tables.
When those modules are loaded iptables-nft-save output contains
"# Warning: iptables-legacy tables present, use iptables-legacy-save to see them"
But as long as it's empty it should not be a problem.

To have nft properly display the rules created by ip(6)tables-nft we need
all iptables targets and matches to be built as extension and not built-in
(/usr/lib/iptables/libip(6)t_*.so)

When switching a package to iptables-nft, you need to keep the
iptables-mod-* dependencies

This patch does minimal changes:
- remove the direct iptables-nft -> iptables dependency
- and more important add nft-compat dependency

The rule
iptables-nft -A OUTPUT -d 8.8.8.8 -m comment --comment "aaa" -j REJECT
becomes
table ip filter {
	chain OUTPUT {
		type filter hook output priority filter; policy accept;
		ip daddr 8.8.8.8 # xt_comment counter packets 0 bytes 0 # xt_REJECT
	}
}

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-03 00:02:31 +01:00
Etienne Champetier
4e7ad15904 iptables: fix ip6tables-nft description
ip6tables-nft packages ip6tables* utils not iptables*

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Etienne Champetier
a5c8811c04 iptables: fix ip6tables-extra description
The define was referencing ip6tables-mod-extra instead of ip6tables-extra

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-02 23:24:03 +01:00
Daniel Golle
4367d4f869
uqmi: update to git HEAD
f254fc5 uqmi: add support for get operating mode

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-02 02:37:21 +00:00
Hauke Mehrtens
cec4614df8 ethtool: Update to version 5.16
795f420 cmis: Rename CMIS parsing functions
369b43a cmis: Initialize CMIS memory map
da16288 cmis: Use memory map during parsing
6acaeb9 cmis: Consolidate code between IOCTL and netlink paths
d7d15f7 sff-8636: Rename SFF-8636 parsing functions
4230597 sff-8636: Initialize SFF-8636 memory map
b74c040 sff-8636: Use memory map during parsing
799572f sff-8636: Consolidate code between IOCTL and netlink paths
9fdf45c sff-8079: Split SFF-8079 parsing function
2ccda25 netlink: eeprom: Export a function to request an EEPROM page
86792db cmis: Request specific pages for parsing in netlink path
6e2b32a sff-8636: Request specific pages for parsing in netlink path
c2170d4 sff-8079: Request specific pages for parsing in netlink path
9538f38 netlink: eeprom: Defer page requests to individual parsers
664586e Merge branch 'review/next/module-mem-map' into master
50fdaec ethtool: Set mask correctly for dumping advertised FEC modes
c5e7133 cable-test: Fix premature process termination
73091cd sff-8636: Use an SFF-8636 specific define for maximum number of channels
837c166 sff-common: Move OFFSET_TO_U16_PTR() to common header file
8658852 cmis: Initialize Page 02h in memory map
27b42a9 cmis: Initialize Banked Page 11h in memory map
340d88e cmis: Parse and print diagnostic information
eae6a99 cmis: Print Module State and Fault Cause
82012f2 cmis: Print Module-Level Controls
d7b1007 sff-8636: Print Power set and Power override bits
429f2fc Merge branch 'review/cmis-diag' into master
32457a9 monitor: do not show duplicate options in help text
c01963e Release version 5.16.

The sizes of the ipk changed on MIPS 24Kc like this:
34317 ethtool_5.15-1_mips_24kc.ipk
34311 ethtool_5.16-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Jo-Philipp Wich
edb41fea66 firewall4: update to latest Git HEAD
16a1070 fw4.uc: handle zone masq6 option
5f61dbf ruleset: fix chain selection for mark and dscp targets
0bc844b ruleset: properly deal with wildcards in zone device selectors
101988d fw4: fix family comparisons
127dbc0 ruleset: emit AF specific rules for DSCP matches
d63cb89 fw4: fix parsing inverted numeric DSCP values
8c8a867 fw4: fix wrong `parse_network()` return value on `parse_subnet()` failure
f85bb2d ruleset: consolidate zone matches for raw_prerouting and raw_output chains
5669bc7 fw4: consolidate device grouping logic
94f03e0 ruleset: properly render redirect targets without port
fff9779 fw4: fix family selection logic for redirect rules
ca88fcd tests: update interface dump mock data
e60bb4b ruleset: support non-contiguous address masks
8fec51a fw4: fix potential crashes when parsing invalid redirect sections
c08eb44 fw4: fix redirect destination zone resolving
0df6ba0 fw4: fix address selection logic for DNAT reflection rules
60a2518 tests: add test coverage for redirect rules
e479eff fw4: add RFC-8622 'Least Effort' (LE) DSCP mark
ac8a737 ruleset: remove redundant syn check
bd5dc4b tests: run testcases in strict mode
3ee6a5c ruleset: fix undeclared variable access uncovered by strict mode

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-28 19:13:37 +01:00
Hans Dedecker
7edd10f9df netifd: update to git HEAD
ed71876 iprule: add support for uidrange

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-01-23 18:54:16 +01:00
Matthew Hagan
46ce629fe0 ipip: add 'nohostroute' option
Add the nohostroute option as available for gre and wg tunnels to
allow the user to prevent explicit creation of a route to the peer
address.

Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
2022-01-19 20:57:59 +01:00
David Bauer
2a31e9ca97 hostapd: add op-class to get_status output
Include the current operation class to hostapd get_status interface.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-01-14 22:12:44 +01:00
Hans Dedecker
d9064c31ca netifd: update to git HEAD
3043206 system: fix compilation with glibc 2.34

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-01-14 21:46:29 +01:00
Paul Spooren
0637093e8c iptables: enable nftable support by default
OpenWrt plans to move over to firewall4 which uses nftables under the
hood. To allow a smooth migration the package `iptables-nft` offer a
transparent wrapper to apply iptables rules to nftables.

Without the config option for nftables the package isn't installed and
therefore can't be tested. This commit enabled it and therefore provides
the wrapper.

The size of the iptables package increases from 25436 to 26500 Bytes.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-01-14 00:42:28 +01:00
Hans Dedecker
7f2052ef22 netifd: update to git HEAD
96902e8 Revert "netifd: add devtype to ubus call"
29e6acf netifd: add devtype to ubus call
7ccbf08 netifd: add devtype to ubus call

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-01-12 21:14:29 +01:00
Kevin Darbyshire-Bryant
e955a08340 firewall: update to latest HEAD
0f16ea5 options.c: add DSCP code LE Least Effort
24ba465 firewall3: remove redundant syn check
df1306a firewall3: fix locking issue
3624c37 firewall3: support table load on access on Linux 5.15+

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-01-10 11:45:15 +00:00
Stijn Tintel
0f50d3daff firewall4: bump to git HEAD
9a509d4 ruleset.uc: consolidate ip and ip6 offload
 21f311d ruleset.uc: don't trim newline before comment sign
 f121383 tests: enable flow offloading in tests
 550df40 tests: add test for unknown defaults option
 47c5a5b tests: add test for deprecated rule option
 69a89d6 tests: add test for unknown rule option
 07579df fw4.uc: handle interface zone option

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-01-09 17:38:18 +02:00
Andre Heider
5ee1e04517 ltq-vdsl: move to the default device name /dev/dsl_cpe_api/0
This makes patching it for ltq-vdsl-app unnecessary and paves the way
for VRX518 support.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-01-08 00:49:59 +01:00
Stijn Tintel
4d1f133561 firewall4: bump to git HEAD
main.uc: fix device gathering

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-01-06 21:30:14 +02:00
Jo-Philipp Wich
7881dce7d8 firewall4: fix syntax error in dependency spec
Fixes: ae60af8572 ("firewall4: order DEPENDS alphabetically")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 16:58:06 +01:00
Stijn Tintel
53b87a7a28 firewall/firewall4: provide uci-firewall
Provide uci-firewall via PROVIDES in both firewall and firewall4. This
will allow us to change the dependency of luci-app-firewall to
uci-firewall, making it possible to use it with either implementation.

Move CONFLICTS from firewall4 to firewall, to solve this recursive
dependency problem:

tmp/.config-package.in:307:error: recursive dependency detected!
tmp/.config-package.in:307:     symbol PACKAGE_firewall is selected by PACKAGE_firewall4
tmp/.config-package.in:328:     symbol PACKAGE_firewall4 depends on PACKAGE_firewall

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:54:50 +02:00
Stijn Tintel
3ec25a657d firewall4: bump to git HEAD
4ead2a6 treewide: move executables to /sbin
 9ebc2f4 fw4.uc: filter duplicates in fw4.set
 85b74f3 treewide: support flow offloading
 be3b4e6 treewide: support hardware flow offloading
 38889b7 treewide: support set timeout
 31c7550 fw4.uc: do not skip defaults with invalid option
 334a127 fw4.uc: introduce DEPRECATED flag
 7a0d38f fw4.uc: add _name as deprecated option
 5e7ad3b fw4.uc: don't fail on unknown options
 be5f4e3 fw4.uc: allow use of cidr in ipsets

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:54:43 +02:00
Stijn Tintel
ae60af8572 firewall4: order DEPENDS alphabetically
Add some line breaks while at at, to improve readability.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:54:06 +02:00
Stijn Tintel
3d4acc34bb firewall4: drop kmod-ipt-nat from CONFLICTS
The limitation of not being able to use iptables and nft nat at the same
time exists only in kernels before 4.18.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:53:47 +02:00
Nick Hainke
f61816fdff hostapd: refresh patchset
Recently the hostapd has undergone many changes. The patches were not refreshed.
Refreshed with
    make package/hostapd/{clean,refresh}

Refreshed:
    - 380-disable_ctrl_iface_mib.patch
    - 600-ubus_support.patch
    - 700-wifi-reload.patch
    - 720-iface_max_num_sta.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-12-31 12:11:59 +01:00
Stijn Tintel
9ba6ee4e25 nftables: allow quoted string in flowtable_expr_member
This is required to be able to use flow offloading on devices with
ifnames that start with a digit, like 6in4-wan6.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-31 02:07:13 +02:00
Hauke Mehrtens
137a7607ec layerscape: restool: Remove build of manpages
The build of the manpages needs the pandoc tool, this is not in the
minimal requirements of OpenWrt, just remove the build of the restool
manpage. This fixes the build on systems without pandoc like the OpenWrt build bots.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-28 16:09:12 +01:00
Raphaël Mélotte
69ce75fb12 hostapd: add fallback for WPS on stations
Up to now the WPS script triggered WPS on the stations only if it
could not trigger it successfully on any hostapd instance.

In a Multi-AP context, there can be a need (to establish a new
wireless backhaul link) to trigger WPS on the stations, regardless of
whether there is already a hostapd instance configured or not. The
current script makes it impossible, as if hostapd is running and
configured, WPS would always be triggered on hostapd only.

To allow both possibilities, the following changes are made:

- Change the "pressed" action to "release", so that we can make use of
the "$SEEN" variables (to know for how long the button was pressed).

- If the button is pressed for less than 3 seconds, keep the original
behavior.

- If the button is pressed for 3 seconds or more, trigger WPS on the
stations, regardless of the status of any running hostapd instance.

- Add comments explaining both behaviors.

- While at it, replace the usage of '-a' with a '[] && []'
construct (see [1]).

This gives users a "fallback" mechanism to onboard a device to a
Multi-AP network, even if the device already has a configured hostapd
instance running.

[1]: https://github.com/koalaman/shellcheck/wiki/SC2166

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-12-27 16:32:02 +00:00
Martin Schiller
a0ad1f36f0 umbim: add missing json_close_object call
Otherwise, connection setup may fail due to JSON parse error in netifd.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Updated commit description]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2021-12-27 13:51:41 +01:00
Martin Schiller
6d1cca7e65 umbim: explicitly check for PIN1 state
PIN2 is used only to restrict changing of fixed dialling feature,
does not affect network registration. Therefore explicitly check for
PIN1 state during connection setup, which is required for network
registration.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Updated commit description]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2021-12-27 13:51:41 +01:00
Martin Schiller
049870a7fe umbim: call umbim disconnect in error case
This is needed to properly close the control channel.

Otherwise, on the next try the caps call may fail.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-27 13:51:41 +01:00
David Bauer
5ca7793418 hostapd: add missing function declaration
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-27 03:13:36 +01:00
Hauke Mehrtens
18bdfc803b tcpdump: libpcap: Remove http://www.us.tcpdump.org mirror
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.

Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-27 00:49:08 +01:00
Felix Fietkau
5e67cd63c4 hostapd: only attempt to set qos map if supported by the driver
Fixes issues with brcmfmac

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-23 19:18:56 +01:00