Commit Graph

4239 Commits

Author SHA1 Message Date
Felix Fietkau
6e391325af hostapd: remove workaround for broken WPA IEs in ancient devices
Affected devices were already quite old when this patch was added.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-04 13:38:18 +02:00
Eneas U de Queiroz
92379080ea hostapd: adjust patches to work with git am
This adds From:, Date: and Subject: to patches, allowing one to run 'git
am' to import the patches to a hostapd git repository.

From: and Date: fields were taken from the OpenWrt commit where the
patches were first introduced.

Most of the Subject: also followed suit, except for:
 - 300-noscan.patch: Took the description from the LuCI web interface
 - 350-nl80211_del_beacon_bss.patch: Used the file name

The order of the files in the patch was changed to match what git
format-patch does.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2024-04-04 12:12:43 +02:00
Eneas U de Queiroz
3f5a9e80da hostapd: remove unused fix
Patch 050-build_fix.patch fixes the abscence of sha384-kdf.o from the
list of needed objetct files when FILS is selected without any other
option that will select the .o file.

While it is a bug waiting to be fixes upstream, it is not needed for
OpenWrt use case, because OWE already selects sha384-kdf.o, and FILS is
selected along with OWE.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2024-04-04 12:12:43 +02:00
Eneas U de Queiroz
24d0e74627 hostapd: bump to 2024-03-09
This brings many changes, including fixes for a couple of memory leaks,
and improved interoperability with 802.11r.  There are also many changes
related to 802.11be, which is not enabled at this time.

Fixed upstream:
 - 022-hostapd-fix-use-of-uninitialized-stack-variables.patch
 - 180-driver_nl80211-fix-setting-QoS-map-on-secondary-BSSs.patch
 - 993-2023-10-28-ACS-Fix-typo-in-bw_40-frequency-array.patch

Switch PKG_SOURCE_URL to https, since http is not currently working.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Ilya Katsnelson <me@0upti.me>
Tested by: Andrew Sim <andrewsimz@gmail.com>
2024-04-04 12:12:43 +02:00
Paul Spooren
2070049c1c unetd: fix PKG_MIRROR_HASH
Our CI on GitHub as well as my local machine generates a different
PKG_MIRROR_HASH from what Felix uploaded the other day.

After receiving Felix file, both have indeed different hashes, however
when unpackaged via `xz -d` both have the same tarball content.

Below the checksums to compare:

a62bef497078c7b825f11fc8358c1a43f5db3e6d4b97812044f7653d60747d5b  dl/unetd-2024.03.31~80645766.tar.xz
fbdac59581742bf208c18995b1d69d9848c93bfce487e57ba780d959e0d62fc4  dl/unetd-2024.03.31~80645766_felix.tar.xz

After unpacking:

a7189cae90bc600abf3a3bff3620dc17a9143be8c27d27412de6eb66a1cf1b7d  dl/unetd-2024.03.31~80645766.tar
a7189cae90bc600abf3a3bff3620dc17a9143be8c27d27412de6eb66a1cf1b7d  dl/unetd-2024.03.31~80645766_felix.tar

The tarball with the wrong hash was accidentally generated without the xz
revert to version 5.4.6

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-04-03 13:27:20 +02:00
Felix Fietkau
a112ed4126 unetd: update to Git HEAD (2024-03-31)
52144f723bec pex: after receiving data update req, notify peer of local address/port
29aacb9386e0 pex: track indirect hosts (reachable via gateway) as peers without adding them to wg
48049524d4fc pex: do not send peer notifications for hosts with a gateway
12ac684ee22a pex: do not query for hosts with a gateway
203c88857354 pex: fix endian issues on config transfer
a29d45c71bca network: fix endian issue in converting port to network id
cbbe9d337a17 unet-cli: emit id by default
806457664ab6 unet-cli: strip initial newline in usage message

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-03-31 19:42:30 +02:00
Robert Marko
bf4c04a4d0 hostapd: fix Argument list too long build error
Currently, both CI and local builds of wpa-supplicant will fail with:
/bin/sh: Argument list too long

Its happening as the argument list for mkdir in build.rules is too large
and over the MAX_ARG_STRLEN limit.

It seems that recent introduction of APK compatible version schema has
increased the argument size and thus pushed it over the limit uncovering
the issue.

Fixes: e8725a932e ("treewide: use APK compatible version schema")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-25 11:02:16 +01:00
Hauke Mehrtens
a693291ca9 libiwinfo: update to Git HEAD (2024-03-23)
3aa2b6b devices: add device id for MediaTek MT7601U
79a9615 devices: add device id for Realtek RTL8188CU and RTL8188FTV

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-23 19:36:34 +01:00
Paweł Owoc
a91b79fd04 mac80211: add missing config for third 160MHz width for 5GHz radio
Without this configuration it is not possible to run the radio using HE160 on channels 149-177.

Fixes: #14906
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
2024-03-23 16:57:24 +01:00
Paul Spooren
e8725a932e treewide: use APK compatible version schema
Different from OPKG, APK uses a deterministic version schema which chips
the version into chunks and compares them individually. This enforces a
certain schema which was previously entirely flexible.

 - Releases are added at the very and end prefixed with an `r` like
`1.2.3-r3`.
- Hashes are prefixed with a `~` like `1.2.3~abc123`.
- Dates become semantic versions, like `2024.04.01`
- Extra tags are possible like `_git`, `_alpha` and more.

For full details see the APK test list:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/test/version.data

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-03-22 22:14:22 +01:00
Daniel Golle
56448cc8c1 umdns: fix PKG_MIRROR_HASH
PKG_MIRROR_HASH was accidentally generated with already APK-adapted
version string in the filename. That can't work (yet). Regenerate and
hash the file with the currently used version scheme to fix that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-03-20 23:44:10 +00:00
Daniel Golle
5d34c835a1 umdns: update to git HEAD
e91ed40 ubus: assume that the service iface can be NULL
 4094a3c interface: remove unused peer field
 8a0c9db interface: add missing cache cleanup on interface free
 3b341f4 add the ability to announce additional hostnames

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-03-20 19:43:10 +00:00
Daniel Golle
330d67ecc0 umdns: add /etc/umdns/ to mount namespace jail
Make sure /etc/umdns/ is accessiable for the umdns process if it
exists and umdns is run with umdns.@umdns[0].jail='1'.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-03-20 19:23:50 +00:00
Hauke Mehrtens
28c87d7ecd dnsmasq: Backport 2 upstream patches
These two patches are fixing minor problems with DNSSEC found shortly
after the dnsmasq 2.90 release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-20 01:18:21 +01:00
Arayuki Mago
21eeb45420 ds-lite: Add support for IPIP6(RFC2473) tunnel
Add Generic Packet Tunneling in IPv6 Specification (RFC 2473) support.

Signed-off-by: Arayuki Mago <ms@missing233.com>
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2024-03-16 13:15:18 +08:00
Robert Marko
694e647784 dnsmasq: reset PKG_RELEASE
dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.

Fixes: 838a27f64f ("dnsmasq: version 2.90")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-03-13 14:02:23 +01:00
Paul Donald
f753d3152f lldpd: update URL
update Makefile URL

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-12 20:41:01 +01:00
Paul Donald
5364fe0f01 lldpd: shellcheck fixes
No functionality/behaviour changes; code is synonymous

Tested on: 22.03.6

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-12 20:40:25 +01:00
Paul Donald
497fafb8ae lldpd: implement lldp_policy parameter
For certain lldp_class scenarios (2 & 3) a policy must be set also.
Class 4 is default, although it's good to handle the policy eventuality.

Here, set a default lldp_policy for all lldp_class scenarios. Any
lldp_policy can now be set.

Depends on PR #14584 (which introduced an `if` block)

Tested on 22.03.5, 22.03.6

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-12 20:39:06 +01:00
Paul Donald
53252eeb3b lldpd: Implement location parameter
Previously only partially implemented. After commit
5007f488bb lldp_location was never removed

Now, add the value of lldp_location to the generated config.

The location param has a few syntaxes, so the config acquires the first
usage from the man page: 'address country EU'

Supplementary fix for PR #14193 (this param was included in the original
PR #13018 but the lldp_location fixes were absent from PR #14193).

Tested on 22.03.5, 22.03.6

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 15:35:58 +01:00
Paul Donald
79ee4cb039 lldpd: fix error "sh: XXXms: bad number"
from commit 3ce909914a

The lldpd man page says that "configure lldp tx-interval" can
specify an interval value in milliseconds by appending a "ms" suffix to
the figure. Thus mandating string handling, and not integer comparison.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
228d4e7f1b lldpd: refactor out ifaces derivation; reuse function
from commit 909f063066

Now pass two params to get_config_cid_ifaces() for:

cid_interface
interface

Each of which is a CSV of interfaces.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
4dcece46a7 lldpd: remove unneeded quotes
from commit a5f715da71

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
bd1b17d589 lldpd: remove unneeded quotes and variable quoting
from commit ac771313eb

portidsubtype takes 1 of 2 possible keywords which do not need quoting:

         configure lldp portidsubtype ifname | macaddress

The third keyword 'local' is used in the syntax when individual ports
are being defined:

         configure [ports ethX [,…]] lldp portidsubtype local value

When this syntax is used, quoting is useful (see test cases for lldpd).
In the init file, the 'local' syntax is unused.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
24a4da527f lldpd: remove unneeded quotes and variable quoting
from commit c98ee4dbb3

agent-type takes 1 of 3 possible keywords which do not require quoting:

         configure lldp agent-type nearest-bridge | nearest-non-tpmr-bridge
         | nearest-customer-bridge

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
b039641071 lldpd: remove unneeded quotes and variable quoting
from commit 3ce909914a

'capabilities enabled x' where x is a string of CSV

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
82ec853284 lldpd: remove unneeded quotes
from commit 3ce909914a

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
20a4dddeb0 lldpd: remove unneeded quotes and variable quoting
from commit 24176a6bdd

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
4fb8fea6de lldpd: fix a paste error
from commit 1be2088a52

The original PR #13018 did not exhibit this.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
1909b6f883 lldpd: spell fixes
Supplementary fix for PR #14193

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Paul Donald
97eb3bf76c lldpd: fix -k 'lldp_no_version' row
Supplementary fix for PR #14193 and commit
b67182008f

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-03-11 09:58:20 +01:00
Nathaniel Wesley Filardo
838a27f64f dnsmasq: version 2.90
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).

Catch up our 200-ubus_dns.patch, too.

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
2024-03-11 09:55:15 +01:00
Christian Marangi
abbe909569
libiwinfo: update to Git HEAD (2024-03-08)
163a640fef30 devices: add device id for Qualcomm Atheros QCA6174
8ffb8bfd1115 devices: add add Qualcomm Atheros IPQ6018 WiSoC compatible

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-03-08 14:26:34 +01:00
Paul Donald
dd8850756d umdns: prevent a few 'uci: Entry not found'
pass '-q' switch to uci to prevent spurious output

Signed-off-by: Paul Donald <newtwen@gmail.com>
2024-02-27 20:10:08 +01:00
Julius Lehmann
1d456c5e7a dnsmasq: Fix wrong format for --dhcp-boot option
dnsmasq --dhcp-boot option uses 'tag' instead of 'net' to specify tags

Signed-off-by: Julius Lehmann <lehmanju@devpi.de>
2024-02-26 21:24:37 +01:00
Hauke Mehrtens
5df7a78e82 wifi-scripts: Support HE Iftypes with multiple entries
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
    HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-02-22 21:45:44 +01:00
Yegor Yefremov
62acd9a2f9 dnsmasq: rework network interface ignore
In some situations (slow protocol or interfaces with auto 0), the
interfaces are not available during the dnsmasq initialization and
hence, the ignore setting will be skipped.

Install an interface trigger for ignored interfaces in case their
ifname cannot be resolved.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-02-22 09:17:25 +01:00
Eneas U de Queiroz
472312f83f
wifi-scripts: fix FILS AKM selection with EAP-192
Fix netifd hostapd.sh selection of FILS-SHA384 algorithm with eap-192.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2024-02-17 08:36:48 -03:00
Felix Fietkau
2a2abed0be wifi-scripts: create the wlan object in board_data if not present
Fixes an error in wifi detection

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-13 19:26:58 +01:00
Felix Fietkau
2b4941a6f1 wifi-scripts: fix fullmac phy detection
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.

Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-09 12:18:59 +01:00
Konstantin Demin
3f96246e97 dropbear: better handle interfaces
- introduce 'DirectInterface' option to bind exactly to specified interface;
  fixes #9666 and late IPv4/IPv6 address assignment
- option 'DirectInterface' takes precedence over 'Interface'
- improve interface/address handling,
  e.g. verify count of listening endpoints due to dropbear limit (10 for now)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
865ae1c10c dropbear: better handle receive window size
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog

improves f95eecfb

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
05100d8651 dropbear: adjust file permissions
runtime:
- adjust ownership/permissions while starting dropbear
build time:
- correct file permissions for preseed files in $(TOPDIR)/files/etc/dropbear/ (if any)

closes #10849

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
a97e0dad6e dropbear: 'rsakeyfile' -> 'keyfile' transition
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.

schedule 'rsakeyfile' removal for next year release.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
ff1ccd85e8 dropbear: failsafe: handle all supported key types
dropbear may be configured and compiled with support for different host key types

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
55218bcedb dropbear: minor config reorder
move DROPBEAR_ASKPASS under DROPBEAR_DBCLIENT (in all meanings)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
c87a192386 dropbear: split U2F/FIDO support
these options allow one to configure U2F/FIDO support in more granular way

inspired by upstream commit aa6559db

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
bf900e02c7 dropbear: add option to enable modern crypto only
reduces binary/package size and increases overall performance

also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
  to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
88c8053d47 dropbear: adjust allowed shell list
this takes an effect only if getusershell(3) is missing

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
7f6fcaa3bf dropbear: honor CONFIG_TARGET_INIT_PATH
fixes 65256aee

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
2d9a0be307 dropbear: disable two weak kex/mac algorithms
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]

It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]

1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138

Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
0b277f8659 dropbear: minor config clarification
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
  and DROPBEAR_DBCLIENT_AGENTFORWARD:
  describe why and where it should be disabled

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
fa849fd411 dropbear: better object cleanup
improves b78aae79

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
f2b2293663 dropbear: allow more complex configuration
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
  this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
  which is more likely to be than values with commas;
  use $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
- allow DB_OPT_COMMON to have values with commas.
- allow to replace multiline definitions in sysoptions.h.

improves e1bd9645

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
b5cde26048 dropbear: cherry-pick upstream patches
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
d4dfb566e2 dropbear: bump to 2022.83
- update dropbear to latest stable 2022.83;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
  - 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
  - 901-bundled-libs-cflags.patch
- refresh remaining patches

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Stephen Howell
d274867c21 lldpd: add option to force EDP
allow EDP support if compiled and add force EDP option

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
8b2d02e48c lldpd: only use snmp options when compiled in
prevent SNMP options being passed unless lldpd supports them

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
1b36d44323 lldpd: Update Makefile package release
increment Makefile package release to reflect changes to init script

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
a5f715da71 lldpd: add option for tx delay and tx hold
add option to set LLDP transmit delay, hold timers to set update frequency

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
4159acceeb lldpd: add option to set system platform
add option to override system platform instead of using kernel name

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
4ac134aa78 lldpd: add option to force SONMP enabled
add option to force SONMP to be enabled even when no peer detected

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
1be2088a52 lldpd: add option to force FDP on
add option to force FDP when no peers detected

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
b67182008f lldpd: set CDP version and allow forcing CDP on
add option to specify CDPv1 or CDPv2 and separately enable or force each

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
61dbe756d8 lldpd: allow disabling LLDP protcol
add option to allow LLDP disabling while using other supported protocols

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
ac771313eb lldpd: add portidsubtype option
add option portidsubtype to correct port identifiers and descriptions

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
c98ee4dbb3 lldpd: add agent-type option
add option to set agent-type to control propogation

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
24176a6bdd lldpd: add LLDP MED options
add option to enable LLDP MED fast-start and set fast-start timer

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
1753498b01 lldpd: option to disable LLDP-MED inventory TLV
add option to disable LLDP-MED inventory TLV transmission

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
058f284b1a lldpd: Init adds no-version option
add option to disable advertising kernel version

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
ac3ed75309 lldpd: Allow neighbour filtering
add filter option to init script.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
064b4999ad lldpd: LLDPD binds to only specified interfaces
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
e483c247dc lldpd: Init config read on reload
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Felix Fietkau
4cd8ae67c5 wifi-scripts: fix copy&paste issue in metadata
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-06 10:47:22 +01:00
Felix Fietkau
0e3f147574 wifi-scripts: add script to add phy capabilities to board.json
Useful for UI and config generators. Will be used as intermediate
step for generating the default wifi configuration

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-03 16:16:36 +01:00
Felix Fietkau
2716853132 wifi-scripts: add new package, move wifi scripts to a single place
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-03 16:16:36 +01:00
Daniel Golle
7eee094f01 uhttpd: bump PKG_RELEASE
Bump PKG_RELEASE which should have been done by commit 7b1c3068b7
("uhttpd: restart when interface to listen becomes available").

Fixes: 7b1c3068b7 ("uhttpd: restart when interface to listen becomes available")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-02 04:22:17 +00:00
Daniel Golle
7b1c3068b7 uhttpd: restart when interface to listen becomes available
Currently uhttpd won't start with a listening interface configured if
the interface isn't already up at the time uhttpd starts. Make sure we
attempt to start uhttpd when it comes up.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-01 00:52:54 +00:00
Álvaro Fernández Rojas
e5efc638a7 iwinfo: update to latest git HEAD
Adds MediaTek MT7916AN and Cypress CYW43455 (Raspberry Pi 5) devices.

a34977c devices: add device id for Cypress CYW43455
3eb34df devices: add device id for MediaTek MT7916AN

There are no ABI changes.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-26 18:29:54 +01:00
Rany Hany
59f67b2010 hostapd: fail R0KH and R1KH derivation when wpa_psk_file is used
When wpa_psk_file is used, there is a chance that no PSK is set. This means
that the FT key will be generated using only the mobility domain which
could be considered a security vulnerability but only for a very specific
and niche config.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
2024-01-25 20:02:40 +01:00
Jesus Fernandez Manzano
e2f6bfb833 hostapd: fix 11r defaults when using SAE
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
2024-01-25 20:02:40 +01:00
Jesus Fernandez Manzano
cdc4c55175 hostapd: fix 11r defaults when using WPA
802.11r can not be used when selecting WPA. It needs at least WPA2.

This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.

Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
2024-01-25 20:02:40 +01:00
Felix Fietkau
195cf4b58d hostapd: remove obsolete function
Leftover from authsae, which was removed a long time ago

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-25 20:02:30 +01:00
Nick Hainke
6f90118533 iproute2: update to 6.7.0
Release Notes:
https://lwn.net/Articles/957171/

Remove patch "100-configure.patch" because support for ATM was dropped [0].

Manually refresh:
- 200-drop_libbsd_dependency.patch

Automatic refresh:
- 130-no_netem_tipc_dcb_man_vdpa.patch
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 190-fix-nls-rpath-link.patch
- 300-selinux-configurable.patch

[0] - https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=a66a73af6db74fdb64439316c69aa0e35dd02c47

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-25 16:08:25 +01:00
Jo-Philipp Wich
039f8a1241 wireguard-tools: avoid redundant jsonfilter calls
Use a single jsonfilter expression to yield the list of logical wireguard
interface names in shell compatible notation.

Supersedes: #12344
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-01-23 09:19:35 +01:00
David Bauer
56d7887917 hostapd: ACS: Fix typo in bw_40 frequency array
[Upstream Backport]

The range for the 5 GHz channel 118 was encoded with an incorrect
channel number.

Fixes: ed8e13decc71 (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan())
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2024-01-18 23:22:33 +01:00
Daniel Golle
a8cf9f860f uqmi: update to git HEAD
c3488b8 uqmi: cancel all requests on SYNC indication reception
dfa612e uqmi: improve response detection

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-01-16 23:36:37 +00:00
Felix Fietkau
912e573127 hostapd: add back missing function for updating wpa_supplicant macaddr list
Make the call deferred instead of blocking to avoid deadlock issues

Fixes: 3df9322771 ("hostapd: make ubus calls to wpa_supplicant asynchronous")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-13 16:12:34 +01:00
Felix Fietkau
12c8bba731 hostapd: fix an exception in hostapd.uc on interface add failure
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-13 15:22:27 +01:00
Felix Fietkau
5b8f188c0f Revert "mac80211: rework interface setup, fix race condition"
This reverts commit b7f9742da8.
There are several reports of regressions with this commit. Will be added
back once I've figured out and fixed the cause

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-13 11:19:34 +01:00
Felix Fietkau
b7f9742da8 mac80211: rework interface setup, fix race condition
Only tell netifd about vifs when the setup is complete and hostapd +
wpa_supplicant have been notified

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-11 10:40:43 +01:00
Felix Fietkau
3df9322771 hostapd: make ubus calls to wpa_supplicant asynchronous
This fixes a deadlock issue where depending on the setup order, hostapd and
wpa_supplicant could end up waiting for each other

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-11 09:15:54 +01:00
Uwe Niethammer
6b0db8592a uqmi: added timeouts in qmi.sh
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. Sometimes uqmi is hanging - even when using an early
dummy access to unlock the modem. To always guarantee a proper
initialisation, running or hanging uqmi processes must be stopped
before. All uqmi calls have now a timeout option -t to avoid hanging.

Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
2024-01-10 22:43:32 +01:00
Rafał Miłecki
1f11a4e283 uhttpd: handle reload after uhttpd-mod-ubus installation using postinst
Use postinst script to reload service instead of uci-defaults hack. It's
possible thanks to recent base-files change that executes postinst after
uci-defaults.

This fixes support for uhttpd customizations. It's possible (again) to
adjust uhttpd config with custom uci-defaults before it gets started.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: d25d281fd6 ("uhttpd: Reload config after uhttpd-mod-ubus was added")
Ref: b799dd3c70 ("base-files: execute package's "postinst" after executing uci-defaults")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-01-10 17:06:56 +01:00
Felix Fietkau
d864f68232 hostapd: add missing NULL pointer check on radar notification
Fixes a race condition that can lead to a hostapd crash

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-09 11:06:24 +01:00
Felix Fietkau
0f1b3d5c02 netifd: update to Git HEAD (2024-01-04)
4219e99eeec7 system-linux: fix race condition in netlink socket error handing
f01345ec13b9 device: restore cleared flags on device down

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-04 13:52:02 +01:00
David Bauer
f95eecfb21 dropbear: increase default receive window size
Increasing the receive window size improves throughout on higher-latency
links such as WAN connections. The current default of 24KB caps out at
around 500 KB/s.

Increasing the receive buffer to 256KB increases the throughput to at
least 11 MB/s.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-12-28 23:37:51 +01:00
Felix Fietkau
44be35890b netifd: update to Git HEAD (2023-12-19)
a2d32f0dcf16 Revert "system-linux: set pending to 0 on ifindex found or error for if_get_master"

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-19 22:35:22 +01:00
Felix Fietkau
62a2af6555 netifd: update to Git HEAD (2023-12-18)
730b4656e6b1 netifd: fix undefined va_list value which can cause crashes
c59457f69709 device: Log error message if device initialization failed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-18 11:49:15 +01:00
Christian Marangi
e2fa450560
netifd: update to Git HEAD (2023-12-17)
66a7652176a7 system-linux: set pending to 0 on ifindex found or error for if_get_master

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-12-17 17:35:45 +01:00