Both hostapd and netifd attempt to add a VLAN device to a bridge.
Depending on which one wins the race, bridge vlan settings might be incomplete,
or hostapd might run into an error and refuse to service the client.
Fix this by preventing hostapd from adding interfaces to the bridge and
instead rely entirely on netifd handling this properly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
c61a1d432b34 wireless: fix creating AP mode WDS station interfaces
f78bdec2ed5f wireless: fix handling vif attributes on reload with mode change
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Backport upstream SFP support for the Marvell 88E1510/2 PHY-s.
Globalscale MOCHAbin uses this PHY for the hybrid
WAN port that has 1G SFP and 1G RJ45 with PoE PD
connected to it.
This allows the SFP port to be used on it as well as
parsing the SFP module details with ethtool.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Backport upstream support for 100Base-FX, 100Base-LX, 100Base-PX and
100Base-BX10 SFP modules.
This is a prerequisite for the Globalscale MOCHAbin hybrid 1G
SFP/Copper support backporting.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Refactor so that the outer function opens and closes the mei fd and
passes it around, just as with the main fd.
That also allows us to use the IOCTL macro in get_vector_status() and
clean up accordingly.
Switch to AUTORELEASE while at it.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Add in a fix for 160Mhz dfs on 5.10 and higher.
Add support for 5.13 and 5.15 kernels.
Add of_get_mac_address support for 5.15 driver.
Signed-off-by: Andrew Robbins <andrew@robbinsa.me>
Removed upstreamed:
backport-5.4/070-v5.5-MIPS-BPF-Restore-MIPS32-cBPF-JIT.patch
All other patches automatically rebased.
Signed-off-by: John Audia <graysky@archlinux.us>
The nl80211 was out of sync with the version used in our backports. This
broke the configuration of the antenna gain.
Fixes: 2bfac61483 ("mac80211: backport support for BSS color changes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The video feed just got support for Wayland which allows OpenWrt devices
to run as a Kiosk (displaying browser content via a display).
The availability of these packages should be mentioned to users.
Signed-off-by: Paul Spooren <mail@aparcar.org>
They're preferred terminal descriptions for tmux, with additional support to
some special characters and italic fonts. More info can be found at:
https://github.com/tmux/tmux/wiki/FAQ
Fixes: FS#3404
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
When a ubus event handler denies a association with a non-zero return
value, the code jumps to preceeding code, creating an endless loop until
the event handler accepts the assc request.
Move the ubus handler further up the code to avoid creating such a loop.
Signed-off-by: David Bauer <mail@david-bauer.net>
Right now when I want to temporarily disable wg peer I need to delete
the entire peer section. This is not such a good solution because I
loose the previous configuration of the peer.
This patch adds `disabled` option to peer config which causes that
the config section is ignored.
Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
[use $(AUTORELEASE)]
Signed-off-by: Paul Spooren <mail@aparcar.org>
This introduces support for hardware flow offloading, which was added in
in nftables 0.9.9.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
This target has testing support for kernel 5.10 for four months now.
Time to switch the default.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Both should be supported since:
1. Adding NVMEM driver for NVRAM
2. Using NVRAM info for determining active firmware partition
Linksys EA9500 uses very similar design and works fine.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's the default anyway and this just looks confusing, as if it wasn't.
Switch to AUTORELEASE while at it.
The binary size is unchanged.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This gates out anything that might introduce semantically frivolous jitter,
maximizing chance of identical object files.
The binary size shrinks by 8kb:
1244352 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
Signed-off-by: Andre Heider <a.heider@gmail.com>
"Alternate certification chains, as oppossed to requiring full chain
validataion. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."
This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].
This is the recommended solution from upstream [1].
The binary size increases by ~12.3kb:
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
[0] https://github.com/openwrt/packages/issues/16674
[1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793
Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
This firmware should only be used for mobile devices (e.g. laptops), where
AP mode functionality is typically not used. This firmware supports a lot
of power saving offload functionality at the expense of AP mode support.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Use kernel 5.10 by default
compile-tested: all devices from target (wth ALL_KMODS)
run-tested: Digilent Zybo Z7-20
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
This fixes compilation of several wireless drivers that
require support for the old wireless extension to work.
One example is kmod-hermes.
The symbols are set to "y" on generic configuration.
But they were wrongly disabled on the target-specific
configuration.
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Until now, this feature was switched on via the kernel configuration
option KERNEL_SECCOMP.
The follwing change a7f794cd2a now requires that
the package procd-seccomp must also enabled for buildinmg.
However, this is not the case we have no dependency and the imagebuilder
cannot build the image, because of the implicit package selection.
This change adds a new configuration option CONFIG_SECCOMP.
The new option has the same behaviour as the configuration
option CONFIG_SELINUX.
If the CONFIG_SECCOMP is selected then the package procd-seccomp and
KERNEL_SECCOMP is enabled for this build.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The existing wnm_disassoc_imminent ubus method only supports issuing a
bss transition request with the disassoc imminent flag set.
For use-cases, where the client is requested to roam to another BSS
without a pending disassoc, this existing method is not suitable.
Add a new bss_transition_request ubus method, which provides a more
universal way to dispatch a transition request. It takes the following
arguments:
Required:
addr: String - MAC-address of the STA to send the request to (colon-seperated)
Optional:
abridged - Bool - Indicates if the abridged flag is set
disassociation_imminent: Bool - Whether or not the disassoc_imminent
flag is set
disassociation_timer: I32 - number of TBTTs after which the client will
be disassociated
validity_period: I32 - number of TBTTs after which the beacon
candidate list (if included) will be invalid
neighbors: blob-array - Array of strings containing neighbor reports as
hex-string
Signed-off-by: David Bauer <mail@david-bauer.net>
To allow steering daemons to be aware of the STA-decided transition
target, publish WNM transition responses to ubus. This way, steerings
daemons can learn about STA-chosen targets and send a better selection
of transition candidates.
Signed-off-by: David Bauer <mail@david-bauer.net>
For some reason, the generated configure script fails to properly set up
the internal preprocessor command variable, causing the host OS check for
Darwin to fail after the last update.
Explicitly setting CPP fixes this issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This Kernel option allows to run OpenWrt witin a `firecracker` micro VM.
Firecracker is a KVM-based tool for superfast booting VMs on x86_64 and
aarch64. It makes rootfs available to the guest as a virtio-mmio device
and passes its address via the kernel cmdline. A kernel without
CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES will not recognize the rootfs
virtio-mmio device.
Suggested-by: Packet Please <pktpls@systemli.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
This Kernel option allows to run OpenWrt witin a `firecracker` micro VM.
Firecracker is a KVM-based tool for superfast booting VMs on x86_64 and
aarch64. It makes rootfs available to the guest as a virtio-mmio device
and passes its address via the kernel cmdline. A kernel without
CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES will not recognize the rootfs
virtio-mmio device.
Suggested-by: Packet Please <pktpls@systemli.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
97bcdcf uxc: fix segfault caused by use-after-free
6398e05 uxc: don't free the stack
324ebd0 jail: fs: add support for asymmetric mount bind
c44ab7f jail: netifd: generate netifd uci config and mount it
82dd390 jail: make use of per-container netifd via ubus
The new per-jail netifd is now configured by filtering the host
network configuration. As libuci is used for that, procd-ujail now
depends on libuci.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>