To find the DS record for a given zone the parent zone's nameserver must
be queried and not the nameserver for the zone. Otherwise DNSSEC
verification for unsigned delegations breaks.
Signed-off-by: Uwe Kleine-König <uwe+openwrt@kleine-koenig.org>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250127151223.1420006-1-uwe+openwrt@kleine-koenig.org/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6dc0f0c50cf1072ec3751c0fb1fc152a0a86487d)
Pass the correct device name in the network_del ubus call
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 80ba0d958dc96fb7aba26614f71325507fabd58a)
The lldp_class and lldp_location config option are only valid when
compiled with LLDP-MED support. If not they will cause lldpd not to
start.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17571
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 2c22d7c3a4a7edcce1af656c8cddb1ab163e3d02)
lldpd was updated, so reset PKG_RELEASE after the PKG_VERSION update.
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit abbec429b40f149f9c5a99a64ee7bf4e804fbb7d)
Changes (breaking):
- Remove support for building 802.3bt TLVs (broken).
Fix:
- Fix memory leaks in EDP/FDP decoding when receiving some TLVs twice.
- Do not set interface description continuously.
- Use a different Netlink socket for changes and queries.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17570
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit a18385041eaeaf6d98ab79a30ce5fba4e712b765)
This can be used to configure the base mac address from which all
interface mac addresses are derived
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 00860e485b2ef82c1fafc8e011f3a8965e317bca)
Do not strip the first character from the field name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 59dd9cddf9e72d1f9b4ff7e01ae32d2fa99259d9)
Without this patch, we get the following error:
Mon Dec 23 11:35:44 2024 daemon.err hostapd: nl80211: kernel reports: integer out of range
As updating hostapd would be too complex and requires further testing,
we backport this simple upstream fix instead.
Fixes: https://github.com/openwrt/openwrt/issues/16680
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17590
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5ce1af9539da667f62dc3cb426f9ec36e53fb54e)
Link: https://github.com/openwrt/openwrt/pull/17591
Signed-off-by: Robert Marko <robimarko@gmail.com>
Regarding SAE support in wifi-station:
Important Note: Unlike PSK wifi-stations, both `mac` and `key` options are required
to make it work. With PSK, hostapd used to perform a brute-force match to find which
PSK entry to use, but with SAE this is infeasible due to SAE's design.
When `mac` is omitted, it will allow any MAC address to use the SAE password if it
didn't have a MAC address assigned to it, but this could only be done once.
The last wildcard entry would be used.
Also, unlike "hostapd: add support for SAE in PPSK option" (commit 913368a),
it is not required to set `sae_pwe` to `0`. This gives it a slight advantage
over using PPSK that goes beyond not needing RADIUS.
Example Configuration:
```
config wifi-vlan
option iface default_radio0
option name 999
option vid 999
option network management
config wifi-station
# Allow user with MAC address 00:11:22:33:44:55 and matching
# key "secretadminpass" to access the management network.
option iface default_radio0
option vid 999
option mac '00:11:22:33:44:55'
option key secretadminpass
config wifi-vlan
option iface default_radio0
option name 100
option vid 100
option network guest
config wifi-station
# With SAE, when 'mac' is omitted it will be the fallback in case no
# other MAC address matches. It won't be possible for a user that
# has a matching MAC to use this network (i.e., 00:11:22:33:44:55
# in this example).
option iface default_radio0
option vid 100
option key guestpass
```
Regarding PSK file creation optimization:
This patch now conditionally runs `hostapd_set_psk_file` depending on `auth_type`.
Previously, `hostapd_set_psk` would always execute `hostapd_set_psk_file`, which
would create a new file if `wifi-station` was in use even if PSK was not enabled.
This change checks the `auth_type` to ensure that it is appropriate to parse the
`wifi-station` entries and create those files.
Furthermore, we now only configure `wpa_psk_file` when it is a supported option
(i.e., psk or psk-sae is used). Previously, we used to configure it when it was
not necessary. While it didn't cause any issues, it would litter `/var/run` with
unnecessary files. This patch fixes that case by configuring it depending on the
`auth_type`.
The new SAE support is aligned with these PSK file changes.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17145
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 65a1c666f2eb2511430a9064686b3590e08b1773)
Link: https://github.com/openwrt/openwrt/pull/17248
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
access to undeclared variable radio In [anonymous function](), file /usr/share/hostap/hostapd.uc, line 830, byte 45:
Signed-off-by: Florian Maurer <f.maurer@outlook.de>
(cherry picked from commit 31e45f62cafbc9361c72d320241e589b31e2b5ed)
Fixes accessing PHY status in AP+STA configurations
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8943430b9f8046d49842de6b40f9c90fb57fff04)
93461ca4c827 unet-cli: only apply defaults on create
3e5766783d5d unet-tool: add support for confirming password
074d3659ca4a unet-cli: confirm password when creating new seed based key
bf3488a3807a unet-cli: add add/set-local-host command
9eb57c528461 unet-cli: add support for setting interface zone
a0a2d80f3459 ubus: add firewall rules for network port/pex_port via procd
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f077e058fd485ab87f0995351a3ddc0a009e4593)
Ensure that peers can be exchanged over any interface
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f8a16524c4a4070d61a32f6203ea5e26cea125d4)
d22d7db581d5 bpf_skb_utils.h: add missing include to fix build against newer kernel headers
bbd3e0eb1419 host: fix peer routes on a node acting as gateway
b17164751fc7 unet-tool: add support for generating keys from salt + seed passphrase
041e05870c20 unet-tool: add support for dumping pubkey from signed file
b58920d420cb unet-tool: add support for extracting network data from signed bin file
f335f5b40b4e unet-cli: add support for generating key from seed
8b1f1d099352 unet-cli: add support for importing networks from signed data
188ba05eadf2 unet-cli: add missing command line help for import
8f15fc306a40 unet-cli: fix add-ssh-host with seed keys
486bc3b86dc2 pex-msg: enable broadcast for global PEX socket
e4a24cdfbc1c unet-cli: fix defaults on create
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit af1740a28b63ecc6683dceb249a1f75af5e9098d)
The config_get_bool also works with on/off, yes/no, true/false.
Add 'main' section name. This will make it easier to change settings from uci.
Add a link to documentation.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15579
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 4511fa4b30f73185597990ce563bbf3f96385292)
Link: https://github.com/openwrt/openwrt/pull/17097
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The ppp package can support all features since Linux 4.7.0 kernel.
Therefore, most kernel version checks can pass unconditionally on
OpenWrt v18.06 and later version. This patch can reduce the size
of ppp package by approximately 2.5 KB.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16695
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3dbe730080e70e96990a5e89cbe2035adcca8d4b)
Link: https://github.com/openwrt/openwrt/pull/17097
Signed-off-by: Petr Štetiar <ynezz@true.cz>
These two were getting rather long.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Link: https://github.com/openwrt/openwrt/pull/16849
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8b6d5874b88bbe2e7a53bcab0e102b8781480880)
Link: https://github.com/openwrt/openwrt/pull/17097
Signed-off-by: Petr Štetiar <ynezz@true.cz>
It seems some package (sstp-client) makes use of pppd.pc file to detect
the ppp version as 2.5.0 changed some API.
Also install the .pc file to permit the version detection of pppd.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Supports reading the same parameters currently being used by iwinfo.
Preparation for replacing iwinfo with a rewrite in ucode.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
don't use configuration directories which are relative
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for handling of DNS RR (Resource Records) requests, which
are needed for the HTTPS Type 65 records, introduced to support the
DNS-based Service Discovery (DNS-SD) mechanism for HTTPS services and
defined in the RFC 9460 (9.1. Query Names for HTTPS RRs).
Ref: https://forum.openwrt.org/t/resolving-query-type-65-to-local-address-for-ios-clients-in-dnsmasq/179504/11
uci config usage:
config dnsrr
option rrname 'foo.example.com'
option rrnumber '65'
option hexdata '00'
hexdata is optional.
Available since dnsmasq 2.62 (for around 12 years at this point).
Note: dnsmasq dns-rr are not affected by filter-rr
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Prevents problems when variables contain spaces.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Users can now freely add new dnsmasq parameters (i.e. a whole config)
via extraconf. This means users can add their own parameters without
changes to init or GUI.
Co-opted the default of confdir also to include the instance name.
This way each instance gets its own .d directory (and separate instances
do not all inherit the same 'extraconftext').
Usage:
config dnsmasq 'config'
...
option extraconftext 'cache-size=2048\nlog-async=20'
config dnsmasq 'blah'
...
option extraconftext 'cache-size=128\nlog-async=5'
or even (which would produce staggered output but still valid)
config dnsmasq 'blah'
...
option extraconftext 'cache-size=128
log-async=5'
See https://forum.openwrt.org/t/add-dnsmasq-custom-options-field-in-luci-gui/193184
Tested on: 23.05.3, 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
dnsmasq v2.90 introduced `--cache-rr=<rrtype>[,<rrtype>...]`.
uci config usage:
config dnsmasq
...
option cache_rr 'AAAA,CNAME,NXDOMAIN,SRV,...'
The dnsmasq instance internally builds a linked list of RR to cache
from the individually supplied parameters, so it's allowed to provide
multiples:
... --cache-rr=AAAA --cache-rr=A ...
See https://forum.openwrt.org/t/resolving-query-type-65-to-local-address-for-ios-clients-in-dnsmasq/179504
Tested on: 23.05.2
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
dnsmasq v2.90 introduced `--filter-rr=<rrtype>[,<rrtype>...]`.
uci config usage:
config dnsmasq
...
option filter_rr 'AAAA,CNAME,NXDOMAIN,SRV,...'
The dnsmasq instance internally builds a linked list of RR to filter
from the individually supplied parameters, so it's harmless to provide
synonyms:
... --filter-A --filter-rr=A ...
See https://forum.openwrt.org/t/resolving-query-type-65-to-local-address-for-ios-clients-in-dnsmasq/179504/23
Tested on: 23.05.2
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The latest ppp version seems to no longer require these ancient
build fixes.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In the original code, the entire time delay of the discovery phase
is only 5+5x2+5x2x2 = 35s. Increasing timeout may be necessary if
discovery phase fails on first attempt. There is a chance to fix
the "Timeout waiting for PADO packets" issue by removing this patch.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The uClibc library support was removed since commit:
57fe7d5401e3 ("toolchain: remove uClibc install stuff")
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This can happen if the bridge or a stacked vlan device gets recreated.
Ensure that hostapd sees the change and handles it gracefully.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
fbaca4b cache: improve update call by doing a full refresh probe
93c9036 dns: reply to A/AAAA questions for additional hostnames
Signed-off-by: John Crispin <john@phrozen.org>
In file included from hostapd-wpad-basic-mbedtls/hostapd-2024.03.09~695277a5/src/ap/ubus.h:11,
from hostapd-wpad-basic-mbedtls/hostapd-2024.03.09~695277a5/src/ap/hostapd.h:21,
from main.c:26:
hostapd-2024.03.09~695277a5/src/ap/sta_info.h: In function 'ap_sta_is_mld':
hostapd-2024.03.09~695277a5/src/ap/sta_info.h:425:20: error: invalid use of undefined type 'struct hostapd_data'
425 | return hapd->conf->mld_ap && sta && sta->mld_info.mld_sta;
| ^~
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Ipv6 delegate option is not respected by proto of ppp/pptp/pppoe/pppoa
this add support for them.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15508
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If the `intval` obtained from `info` is indeed 0, it cannot be set to `conf`.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15495
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
