- fix variable references for ft key
- add r0kh and r1kh if ft_generate_local is not set (logic inversion bug)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The internal hostapd version cannot be built with EAP-pwd support, so
enable it only for the SSL variants.
Fixes: #17163
Fixes: 6365316fab ("hostapd: add ubus support for wired driver")
Link: https://github.com/openwrt/openwrt/pull/17164
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add an ucode based re-implementation of the shell script based wifi code.
The new code is jsonschema driven. The code has been refactored into several
files making it easier to follow.
The new scripts are also way faster than the previous sh implementation.
The new code is currently opt-in via WIFI_SCRIPTS_UCODE and defaults to
EXPERIMENTAL.
Signed-off-by: John Crispin <john@phrozen.org>
Add an ucode based re-implementation of iwinfo. The tool behaves like the old
one with a few minor output differences. It is now possible to add -j to any
command resulting in JSON output.
The new code is currently opt-in via WIFI_SCRIPTS_UCODE and defaults to
EXPERIMENTAL.
Signed-off-by: John Crispin <john@phrozen.org>
Use and alternate ubus object when the config contains "driver=wired". This
commit is in preparation of the ieee8021x-wired daemon.
Signed-off-by: John Crispin <john@phrozen.org>
This allows a radius server to send AVPs for client rate control inside the
accept message. Further add the ratelimits to the sta-authorized ubus
notification.
Signed-off-by: John Crispin <john@phrozen.org>
Avoid harmless error from network script by checking presence of
now-optional wifi support script, most notably confusing users of x86
snapshots.
Fixes: #14964
Signed-off-by: Andris PE <neandris@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14986
Signed-off-by: Robert Marko <robimarko@gmail.com>
86da5cbcdb9d system-linux: do not pull ifindex/flags from netlink messages on rtnl events
cd96f61ba63e proto-shell: fix spurious interface teardowns with host deps
a39fe3a8b150 wireless: add support for adding a list of devices for a wifi-iface
d29cf707478c iprule: add ipproto property
768027c5a764 system-linux: restore reading flags from netlink messages
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17074
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixup capabilities parsing in iw output.
In addition to the normal capabilities iw now also outputs HE MAC, HE
PHY and EHT MAC and EHT PHY capabilities. Exclude them in the parsing.
The grep returns this with mac80211-hwsim:
```
root@OpenWrt:~# iw phy phy0 info | grep 'Capabilities:'
Capabilities: 0x107e
HE PHY Capabilities: (0x02bfce0000000000000000):
EHT PHY Capabilities: (0x7c0000feffff7f01):
HE PHY Capabilities: (0x02bfce0000000000000000):
EHT PHY Capabilities: (0x7c0000feffff7f01):
HE PHY Capabilities: (0x02bf000000000000000000):
Capabilities: 0x107e
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfc1f3ffeffff7f37):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfc1f3ffeffff7f37):
HE PHY Capabilities: (0x1cbf000000000000000000):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfefffffeffffff7f):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfefffffeffffff7f):
HE PHY Capabilities: (0x1cbf000000000000000000):
Capabilities: 0x107e
```
With busybox 1.36.1 the ht_cap_mask variable will be set to
-72057598332895361. With busybox 1.37.0 it will be set to -1.
Both values are wrong, after this change it will be set to 4222
(0x107E).
Link: https://github.com/openwrt/openwrt/pull/17043
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
b6ae9ffaeb0e odhcp6c: allow to request specific ipv6 prefix
Signed-off-by: He Ping <pinghejk@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17013
Signed-off-by: Petr Štetiar <ynezz@true.cz> [hash, commit]
The config_get_bool also works with on/off, yes/no, true/false.
Add 'main' section name. This will make it easier to change settings from uci.
Add a link to documentation.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15579
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ppp package can support all features since Linux 4.7.0 kernel.
Therefore, most kernel version checks can pass unconditionally on
OpenWrt v18.06 and later version. This patch can reduce the size
of ppp package by approximately 2.5 KB.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16695
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
These two were getting rather long.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Link: https://github.com/openwrt/openwrt/pull/16849
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
e93f6c3fc729 main: fix format string related warnings for log/debug printf functions
6ab44a2413f9 fix signed/unsigned comparison warnings
4fe997b61d7d system-dummy: add system_if_apply_settings_after_up
992d33cb42a6 ubus: add notifications on wireless device state changes
34eb11eb6f5c device/interface: add "tags" attribute from config to status dump
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows annotating wifi interfaces in the config in a way that can be
queried through wifi status. One example use case is to mark wifi interfaces
for use with specific services without having to explicitly reference the
(often unnamed) sections from elsewhere.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Currently, xdp-tools doesn't compile on build systems where
bpftool is installed because additional tools and BPF programs
will be compiled then, which results in build errors.
This commit disables the compilation of those bpftool-dependent tools.
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/16787
Signed-off-by: Robert Marko <robimarko@gmail.com>
Drop the patch to re-add the vlan_hdr struct
because it is required now to build xdp-filter.
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/16798
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
It seems some package (sstp-client) makes use of pppd.pc file to detect
the ppp version as 2.5.0 changed some API.
Also install the .pc file to permit the version detection of pppd.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Supports reading the same parameters currently being used by iwinfo.
Preparation for replacing iwinfo with a rewrite in ucode.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows to obtain detailed diagnostic information about the DSL
connection from the modem. The script is copied from the corresponding
packages for VDSL modems.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20241019174041.1281093-4-jan@3e8.eu/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is a preparation for adding support for dsl_cpe_pipe.sh with a
similar set of commands compared to the VDSL variant.
The configuration is simplified by using the "--enable-model" option.
Other options are chosen to match the VDSL variant, while also making
sure that previously enabled options stay like that. However, ReTx
options stay disabled, because of incompatibility with the ubus code.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20241019174041.1281093-3-jan@3e8.eu/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
don't use configuration directories which are relative
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for handling of DNS RR (Resource Records) requests, which
are needed for the HTTPS Type 65 records, introduced to support the
DNS-based Service Discovery (DNS-SD) mechanism for HTTPS services and
defined in the RFC 9460 (9.1. Query Names for HTTPS RRs).
Ref: https://forum.openwrt.org/t/resolving-query-type-65-to-local-address-for-ios-clients-in-dnsmasq/179504/11
uci config usage:
config dnsrr
option rrname 'foo.example.com'
option rrnumber '65'
option hexdata '00'
hexdata is optional.
Available since dnsmasq 2.62 (for around 12 years at this point).
Note: dnsmasq dns-rr are not affected by filter-rr
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Prevents problems when variables contain spaces.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Users can now freely add new dnsmasq parameters (i.e. a whole config)
via extraconf. This means users can add their own parameters without
changes to init or GUI.
Co-opted the default of confdir also to include the instance name.
This way each instance gets its own .d directory (and separate instances
do not all inherit the same 'extraconftext').
Usage:
config dnsmasq 'config'
...
option extraconftext 'cache-size=2048\nlog-async=20'
config dnsmasq 'blah'
...
option extraconftext 'cache-size=128\nlog-async=5'
or even (which would produce staggered output but still valid)
config dnsmasq 'blah'
...
option extraconftext 'cache-size=128
log-async=5'
See https://forum.openwrt.org/t/add-dnsmasq-custom-options-field-in-luci-gui/193184
Tested on: 23.05.3, 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
dnsmasq v2.90 introduced `--cache-rr=<rrtype>[,<rrtype>...]`.
uci config usage:
config dnsmasq
...
option cache_rr 'AAAA,CNAME,NXDOMAIN,SRV,...'
The dnsmasq instance internally builds a linked list of RR to cache
from the individually supplied parameters, so it's allowed to provide
multiples:
... --cache-rr=AAAA --cache-rr=A ...
See https://forum.openwrt.org/t/resolving-query-type-65-to-local-address-for-ios-clients-in-dnsmasq/179504
Tested on: 23.05.2
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
dnsmasq v2.90 introduced `--filter-rr=<rrtype>[,<rrtype>...]`.
uci config usage:
config dnsmasq
...
option filter_rr 'AAAA,CNAME,NXDOMAIN,SRV,...'
The dnsmasq instance internally builds a linked list of RR to filter
from the individually supplied parameters, so it's harmless to provide
synonyms:
... --filter-A --filter-rr=A ...
See https://forum.openwrt.org/t/resolving-query-type-65-to-local-address-for-ios-clients-in-dnsmasq/179504/23
Tested on: 23.05.2
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch allows the use of SAE when using PPSK after
https://w1.fi/cgit/hostap/commit/?id=fcbdaae8a52e542705a651ee78b39b02935fda20
added support for it.
It also implements a fix so that this option works with SAE. The reason this
doesn't work out of the box is because OpenWRT deviates from hostapd defaults
by setting `sae_pwe` option to 2 which makes this mode not function properly
(results in every auth attempt being denied).
That issue was addressed by not overriding hostapd's default for the `sae_pwe`
option when the PPSK option is in use. This should be fine because hostapd's
test cases specifically test this mode with the default SAE parameters. See:
https://w1.fi/cgit/hostap/commit/?id=c34b35b54e81dbacd9dee513b74604c87f93f6a3
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16343
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
From the upstream repo:
Instead of assuming only one register is used, track all 16 regs
individually.
This avoids need for the 'PREV_PAYLOAD' hack and also avoids the need to
clear out old flags:
When we see that register 'x' will be written to, that register state is
reset automatically.
Existing dissector decodes
ip saddr 1.2.3.4 meta l4proto tcp
... as
-s 6.0.0.0 -p tcp
iptables-nft -s 1.2.3.4 -p tcp is decoded correctly because the expressions
are ordered like:
meta l4proto tcp ip saddr 1.2.3.4
|
... and 'meta l4proto' did clear the PAYLOAD flag.
The simpler fix is:
ctx->flags &= ~NFT_XT_CTX_PAYLOAD;
in nft_parse_cmp(), but that breaks dissection of '1-42', because
the second compare ('cmp lte 42') will not find the
payload expression anymore.
This commit fixes#11169 and openwrt/packages#22727, and potentially anyone that uses iptables-nft legacy support.
Signed-off-by: Rodrigo B. de Sousa Martins <rodrigo.sousa.577@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16504
[Added patch header]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
ffba75c9cd8f iptables: free xtables_match if found in need_protomatch
bf1d5fdf6234 iptables: fix regression with unintended free in need_protomatch
1aef9791a21e defaults.c: fix ipv6 flow offloading
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The latest ppp version seems to no longer require these ancient
build fixes.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In the original code, the entire time delay of the discovery phase
is only 5+5x2+5x2x2 = 35s. Increasing timeout may be necessary if
discovery phase fails on first attempt. There is a chance to fix
the "Timeout waiting for PADO packets" issue by removing this patch.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The uClibc library support was removed since commit:
57fe7d5401 ("toolchain: remove uClibc install stuff")
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16605
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>