058a099f5bc5 interface: fix memleak and reload issue for the zone attribute
ea01ed41f321 interface: remove unnecessary NULL checks before free()
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Images for xrx200 8M flash are either not building due to image
size (TD-W8970, TD-W8980) or building such that the available
free space in the overlayfs is too little to be useful.
To keep images for these devices buildable, move them into a
small flash variant of the xrx200 subtarget. As these devices
are NOR flash only, remove NAND and UBI references from the
kernel config to gain some additional image size reduction.
The apparent 8M flash devices Arcadyan VGV7510KW22-brn,
Arcadyan VGV7519-brn and Lantiq Easy80920-nor seem to exist in
order to create special "factory" installation images for these
devices (which actually have larger flash: 16MB for the
Arcardyan devices; 64MB for the Lantiq device). As a
considerable amount of surgery would appear to be required to
the uboot-lantiq package structure to separate the "factory"
from the "sysupgrade" device recipes for these devices they
remain in the xrx200 target - if factory images aren't now
created, 23.05.x factory images should suffice for initial
installation.
Tested on: Netgear DM200, TP-Link TD-W8980,
AVM Fritz7490 (xrx200 subtarget: image build only)
Fixes: https://github.com/openwrt/openwrt/issues/16761
Signed-off-by: Andrew MacIntyre <andymac@pcug.org.au>
Link: https://github.com/openwrt/openwrt/pull/17113
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Don't fail wireless interface bringup on empty PSK set. This is a valid
configuration, resulting in a PSK network which can't be connected to.
It does not fail the bringup of the hostapd process.
Keep failing the interface setup in case a password with invalid length
is used.
This is also beneficial when intending to configure a PPSK network. It
allows to create a network where no PPSK is yet set.
Signed-off-by: David Bauer <mail@david-bauer.net>
Link: https://github.com/openwrt/openwrt/pull/17197
Signed-off-by: John Crispin <john@phrozen.org>
Ensure that the code doesn't pass macaddr_base with the wrong type (null)
to the supplicant setup/start call.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
With rxkh_file, hostapd will read a list of RxKHs from a text file.
This also makes it possible for hostapd to dynamically reload RxKHs.
RxKHs defined in rxkh_file should be formated as described in hostapd.conf,
with one entry per line.
R0KH/R1KH format:
r0kh=<MAC address> <NAS Identifier> <256-bit key as hex string>
r1kh=<MAC address> <R1KH-ID> <256-bit key as hex string>
Reworked behavior of the uci options r0kh and r1kh.
When rxkh_file is not configured:
Instead of appending the RxKHs to the hostapd bss configuration.
They will be added to a interface specific file with name
/var/run/hostapd-phyX-apX.rxkh.
This file will be used as the rxkh_file in the hostapd bss configuration.
When rxkh_file is configured:
The specified file will be used in the hostapd bss configuration,
and will be the only source for configured RxKHs.
All RxKHs defined with the uci options r0kh or r1kh will be ignored.
Signed-off-by: Sybil127 <sybil127@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The initialization of mesh interfaces currently fail when wpa_supplicant
is not installed. This is due to the script calling the wpa_supplicant
feature indicator without verifying wpa_supplicant is installed at all.
To avoid failing, first check if wpa_supplicant is installed before
determining the available featureset.
Signed-off-by: David Bauer <mail@david-bauer.net>
change Support-UDP-Traceroute rule from 'enabled false' to 'enabled 0'
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17133
Signed-off-by: John Crispin <john@phrozen.org>
Regarding SAE support in wifi-station:
Important Note: Unlike PSK wifi-stations, both `mac` and `key` options are required
to make it work. With PSK, hostapd used to perform a brute-force match to find which
PSK entry to use, but with SAE this is infeasible due to SAE's design.
When `mac` is omitted, it will allow any MAC address to use the SAE password if it
didn't have a MAC address assigned to it, but this could only be done once.
The last wildcard entry would be used.
Also, unlike "hostapd: add support for SAE in PPSK option" (commit 913368a),
it is not required to set `sae_pwe` to `0`. This gives it a slight advantage
over using PPSK that goes beyond not needing RADIUS.
Example Configuration:
```
config wifi-vlan
option iface default_radio0
option name 999
option vid 999
option network management
config wifi-station
# Allow user with MAC address 00:11:22:33:44:55 and matching
# key "secretadminpass" to access the management network.
option iface default_radio0
option vid 999
option mac '00:11:22:33:44:55'
option key secretadminpass
config wifi-vlan
option iface default_radio0
option name 100
option vid 100
option network guest
config wifi-station
# With SAE, when 'mac' is omitted it will be the fallback in case no
# other MAC address matches. It won't be possible for a user that
# has a matching MAC to use this network (i.e., 00:11:22:33:44:55
# in this example).
option iface default_radio0
option vid 100
option key guestpass
```
Regarding PSK file creation optimization:
This patch now conditionally runs `hostapd_set_psk_file` depending on `auth_type`.
Previously, `hostapd_set_psk` would always execute `hostapd_set_psk_file`, which
would create a new file if `wifi-station` was in use even if PSK was not enabled.
This change checks the `auth_type` to ensure that it is appropriate to parse the
`wifi-station` entries and create those files.
Furthermore, we now only configure `wpa_psk_file` when it is a supported option
(i.e., psk or psk-sae is used). Previously, we used to configure it when it was
not necessary. While it didn't cause any issues, it would litter `/var/run` with
unnecessary files. This patch fixes that case by configuring it depending on the
`auth_type`.
The new SAE support is aligned with these PSK file changes.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17145
Signed-off-by: John Crispin <john@phrozen.org>
- fix variable references for ft key
- add r0kh and r1kh if ft_generate_local is not set (logic inversion bug)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add an ucode based re-implementation of the shell script based wifi code.
The new code is jsonschema driven. The code has been refactored into several
files making it easier to follow.
The new scripts are also way faster than the previous sh implementation.
The new code is currently opt-in via WIFI_SCRIPTS_UCODE and defaults to
EXPERIMENTAL.
Signed-off-by: John Crispin <john@phrozen.org>
Add an ucode based re-implementation of iwinfo. The tool behaves like the old
one with a few minor output differences. It is now possible to add -j to any
command resulting in JSON output.
The new code is currently opt-in via WIFI_SCRIPTS_UCODE and defaults to
EXPERIMENTAL.
Signed-off-by: John Crispin <john@phrozen.org>
Avoid harmless error from network script by checking presence of
now-optional wifi support script, most notably confusing users of x86
snapshots.
Fixes: #14964
Signed-off-by: Andris PE <neandris@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14986
Signed-off-by: Robert Marko <robimarko@gmail.com>
86da5cbcdb9d system-linux: do not pull ifindex/flags from netlink messages on rtnl events
cd96f61ba63e proto-shell: fix spurious interface teardowns with host deps
a39fe3a8b150 wireless: add support for adding a list of devices for a wifi-iface
d29cf707478c iprule: add ipproto property
768027c5a764 system-linux: restore reading flags from netlink messages
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17074
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixup capabilities parsing in iw output.
In addition to the normal capabilities iw now also outputs HE MAC, HE
PHY and EHT MAC and EHT PHY capabilities. Exclude them in the parsing.
The grep returns this with mac80211-hwsim:
```
root@OpenWrt:~# iw phy phy0 info | grep 'Capabilities:'
Capabilities: 0x107e
HE PHY Capabilities: (0x02bfce0000000000000000):
EHT PHY Capabilities: (0x7c0000feffff7f01):
HE PHY Capabilities: (0x02bfce0000000000000000):
EHT PHY Capabilities: (0x7c0000feffff7f01):
HE PHY Capabilities: (0x02bf000000000000000000):
Capabilities: 0x107e
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfc1f3ffeffff7f37):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfc1f3ffeffff7f37):
HE PHY Capabilities: (0x1cbf000000000000000000):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfefffffeffffff7f):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfefffffeffffff7f):
HE PHY Capabilities: (0x1cbf000000000000000000):
Capabilities: 0x107e
```
With busybox 1.36.1 the ht_cap_mask variable will be set to
-72057598332895361. With busybox 1.37.0 it will be set to -1.
Both values are wrong, after this change it will be set to 4222
(0x107E).
Link: https://github.com/openwrt/openwrt/pull/17043
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
e93f6c3fc729 main: fix format string related warnings for log/debug printf functions
6ab44a2413f9 fix signed/unsigned comparison warnings
4fe997b61d7d system-dummy: add system_if_apply_settings_after_up
992d33cb42a6 ubus: add notifications on wireless device state changes
34eb11eb6f5c device/interface: add "tags" attribute from config to status dump
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows annotating wifi interfaces in the config in a way that can be
queried through wifi status. One example use case is to mark wifi interfaces
for use with specific services without having to explicitly reference the
(often unnamed) sections from elsewhere.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows to obtain detailed diagnostic information about the DSL
connection from the modem. The script is copied from the corresponding
packages for VDSL modems.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20241019174041.1281093-4-jan@3e8.eu/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is a preparation for adding support for dsl_cpe_pipe.sh with a
similar set of commands compared to the VDSL variant.
The configuration is simplified by using the "--enable-model" option.
Other options are chosen to match the VDSL variant, while also making
sure that previously enabled options stay like that. However, ReTx
options stay disabled, because of incompatibility with the ubus code.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20241019174041.1281093-3-jan@3e8.eu/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch allows the use of SAE when using PPSK after
https://w1.fi/cgit/hostap/commit/?id=fcbdaae8a52e542705a651ee78b39b02935fda20
added support for it.
It also implements a fix so that this option works with SAE. The reason this
doesn't work out of the box is because OpenWRT deviates from hostapd defaults
by setting `sae_pwe` option to 2 which makes this mode not function properly
(results in every auth attempt being denied).
That issue was addressed by not overriding hostapd's default for the `sae_pwe`
option when the PPSK option is in use. This should be fine because hostapd's
test cases specifically test this mode with the default SAE parameters. See:
https://w1.fi/cgit/hostap/commit/?id=c34b35b54e81dbacd9dee513b74604c87f93f6a3
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16343
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
ffba75c9cd8f iptables: free xtables_match if found in need_protomatch
bf1d5fdf6234 iptables: fix regression with unintended free in need_protomatch
1aef9791a21e defaults.c: fix ipv6 flow offloading
Signed-off-by: Felix Fietkau <nbd@nbd.name>
850cc271083d qosify: add support for keeping stats
1501e0935175 bpf_skb_utils.h: add missing include to fix build against newer kernel headers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
480551a3adc4 interface: add support for disabling renew on topology change
b7b294266781 device: add more debugging code
595094f5c213 device: do not pull device present state from hotplug events
4e11e52e9b98 main: add messages to udebug regardless of their log level
091d063f4a9d wireless: handle link updates even if devices are present already
a8e90853c936 interface: improve hotplug handling reliability
cdb41673ceea device: remove redundant newlines from debug messages
cd2a7964f2c0 device: revert to explicit device_set_present calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Try to do a clean disconnection via L3 request before the connection is
stopped.
Because this might take up to 6 seconds (the driver does 3 attempts with
a timeout of 2 seconds each), a termination timeout needs to be defined
in the init script.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Move the code for disconnection on exit to a separate function, and also
call it in the code paths for SIGINT and the "quit" CLI command.
While at it, make the patch description a bit clearer.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Move the code for disconnection on exit to a separate function, and also
call it in the code path for the "quit" CLI command.
While at it, make the patch description a bit clearer.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Use the correct return value in error message.
Fixes: 6e4c9738be ("ltq-vdsl-vr11-app: add version 4.23.1 for vr11 targets")
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Use the correct return value in error message.
Fixes: 1daaef31b3 ("ltq-vdsl-app: disconnect when service is stopped")
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
This patch fixes the list delimiter between 3GPP networks
passed to hostapd.
> list iw_anqp_3gpp_cell_net '262,001'
> list iw_anqp_3gpp_cell_net '262,002'
When passing a list of "iw_anqp_3gpp_cell_net" parameters via UCI,
hostapd would crash at startup:
> daemon.err hostapd: Line 73: Invalid anqp_3gpp_cell_net: 262,001:262,002
Using a semicolon as a delimiter, hostapd will start as expected.
Signed-off-by: Sarah Maedel <git@tbspace.de>
68c8a4f system-linux: re-apply ethtool on phy attachment
890929b wireless: add support for defining wifi interfaces via procd service data
b57e40b wireless: use blobmsg_parse_attr
7a6532f proto-shell: add proto property for skipping device config
33ec3da CMake: bump the minimum required CMake version to 3.5
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes the following error:
Syntax error: Unable to resolve path for module 'uci'
In line 3, byte 27:
`import * as uci from 'uci';`
Near here ----------------^
Fixes: 4a3ed518b2 ("wifi-scripts: rewrite wifi detect code in ucode")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The new script uses a different strategy compared to the previous one.
Instead of trying to split flows by hash and spread them to all CPUs,
use RPS to redirect packets to a single core only.
Try to spread NAPI thread and RPS target CPUs across available CPUs
and try to ensure that the NAPI thread is on a different CPU than the
RPS target. This significantly reduces cycles wasted on the scheduler.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When an IBBS interface is configured for IBSS legacy mode, wdev.htmode
is empty. This is empty string results in an empty positional argument
to the "ibbs join" command, for example:
iw dev phy0-ibss0 ibss join crymesh 2412 '' fixed-freq beacon-interval 100
This empty argument is interpreted as an invalid HT mode by 'iw',
causing the entire command to fail and print a "usage" message:
daemon.notice netifd: radio0 (4527): Usage: iw [options] \
dev <devname> ibss join <SSID> <freq in MHz> ...
Although nobody will ever need more than 640K of IBSS, explicitly use
"NOHT" if an HT mode is not given. This fixes the problem.
Fixes: e56c5f7b27 ("hostapd: add ucode support, use ucode for the main ubus object")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [extend to cover more cases]
When using zst instead of xz, the hash changes. This commit fixes the
hash for packages and tools in core.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Without this configuration it is not possible to run the radio using HE160 on channels 149-177.
Fixes: #14906
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Different from OPKG, APK uses a deterministic version schema which chips
the version into chunks and compares them individually. This enforces a
certain schema which was previously entirely flexible.
- Releases are added at the very and end prefixed with an `r` like
`1.2.3-r3`.
- Hashes are prefixed with a `~` like `1.2.3~abc123`.
- Dates become semantic versions, like `2024.04.01`
- Extra tags are possible like `_git`, `_alpha` and more.
For full details see the APK test list:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/test/version.data
Signed-off-by: Paul Spooren <mail@aparcar.org>
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.
Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Useful for UI and config generators. Will be used as intermediate
step for generating the default wifi configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
730b4656e6b1 netifd: fix undefined va_list value which can cause crashes
c59457f69709 device: Log error message if device initialization failed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
8f2806a37fe1 system-linux: set master early on apply settings
e3fc2b0026a5 system-linux: skip refreshing MAC on master change if custom MAC
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state
Signed-off-by: Felix Fietkau <nbd@nbd.name>
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
4101dd4 fw4: perform strict validation of zone and set names
a923c88 fw4: pass zone to templates whenever possible
597dc90 fw4: add support for zone log_limit
1874050 fw4: add log_limit to rules and redirects
19a8caf ruleset: dispatch ct states using verdict map
a5553da ruleset: reduce ksoftirqd load by refering to looopback by numeric id
de3483c tests: adjust zone log limit testcases
7392792 ruleset: do not emit redundant drop invalid rules
698a533 ruleset: apply egress MSS fixup later to apply final MTU before wire
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a function 'ipcalc' to /lib/functions.sh that sets variables more
safely using export.
With this new function, dnsmasq also handles the return value of ipcalc
correctly.
Fixes: e4bd3de1be ("dnsmasq: refuse to add empty DHCP range")
Co-Authored-By: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
