Some modems and SIM cards take a bit longer to initialize after UIM has been
powered off. Waiting too little time can cause the qmi protocol to end up
in a loop repeatedly power-cycling the SIM card.
Avoid that by
a) increasing the time we unconditionally sleep after --uim-power-on
b) increasing the time we allow uqmi to wait for response for --uim-get-sim-state
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18772
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If the uci 'dhcp' configuration for the dhcp leases is incorrect then
the call to 'ipclac' fails. However, the problem is that the dnsmasq
configuration option 'dhcp-range' is still written for this uci section
even though the information generated by ipcalc is incorrect or not set.
Due to the incorrectly generated configuration for dnsmasq, the service
cannot start.
To prevent an incorrect configuration from being written to the configuration,
a check is now made beforehand to ensure that the required variables are
present and valid. If the configuration is incorrect, a message is emitted
to the log that this configuration section is incorrect and this uci
configuration section is omitted.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Link: https://github.com/openwrt/openwrt/pull/18641
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ucode-based wifi interface validation is based on `hostapd.conf`
specific options, which means it's missing the OpenWrt-specific
'network' property.
This causes schema validation warnings like:
```
daemon.notice netifd: radio1 (1340): wifi-scripts: network is not present in the schema
```
The description is taken from the OpenWrt wiki:
https://openwrt.org/docs/guide-user/network/wifi/basic#common_options1
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18946
Signed-off-by: Robert Marko <robimarko@gmail.com>
263a0cb87b50 udebug: use proper libudebug API
ca9b8765aea3 dns: rework packet API
ea40cfdf7eb0 cache: send multiple queries in a single packet
d62813727e53 cache: add explicit lookup for host addresses
0ce73d80dc0c dns: add cache/queue for outgoing queries
083be33749b1 cache: improve service refresh behavior
55d0c1bc1ac5 interface: ask for unicast responses by default
ce508467a533 service: add support for setting service specific hostname
632953a1582d interface: when interface properties change, reinitialise
695ac3708aa0 ubus: fix ubus announcements txt fields
cecbe1c0caae Make mdns responder case-insensitive.
2b28094d31ca dns: add support for reverse address mapping queries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
By OpenWrt's design, hostapd runs in a single global instance for all radios supported by the device, rather than one instance per radio like hostapd usually does.
Signed-off-by: Agustin Lorenzo <agustin.lorenzo@thinco.es>
Link: https://github.com/openwrt/openwrt/pull/18426
Signed-off-by: Robert Marko <robimarko@gmail.com>
Manually refreshed:
301-mesh-noscan.patch
601-ucode_support.patch
770-radius_server.patch
Automatically rebased all other patches.
Signed-off-by: Agustin Lorenzo <agustin.lorenzo@thinco.es>
Link: https://github.com/openwrt/openwrt/pull/18426
Signed-off-by: Robert Marko <robimarko@gmail.com>
Some MBIM devices can exist on an MHI bus (over PCIe) instead of being presented as USB devices.
In such cases the interface name lookup needs to be done from /sys/class/wwan/ instead of /sys/class/usbmisc/
Add another readlink call in case the first lookup fails.
This allows the MBIM protocol to find the interface name and then work with both type of devices provided that /etc/config/network has the right device for MBIM interface (such as /dev/wwan0mbim0 in case of MHI)
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
The device manufacturer name for Qualcomm Atheros is listed
as "Qualcomm, Atheros" for PCI devices but "Qualcomm Atheros" under
"compatible". This gives inconsistent results in `iwinfo` and
```
Hardware: 0x168c:0x0046 0x168c:0xcafe [Qualcomm, Atheros QCA9984]
Hardware: embedded [Qualcomm Atheros IPQ8074]
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18039
Signed-off-by: Robert Marko <robimarko@gmail.com>
The 'unknown' string was misspelled as 'unknonw'.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18039
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add 'dBm' units to 'Signal' and 'Noise' to match what non-ucode iwinfo shows.
Before:
Signal: -49 Noise: -103
After:
Signal: -49 dBm Noise: -103 dBm
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18039
Signed-off-by: Robert Marko <robimarko@gmail.com>
When bitrate is unknown, the units shouldn't be displayed. This is
consistent with other "unknown" fields and non-ucode iwinfo.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18039
Signed-off-by: Robert Marko <robimarko@gmail.com>
Version 6.14 - April 7, 2025
* Feature: list PHYs (--show-phys)
* Feature: target a specific PHY with some commands (--phy)
* Feature: more attributes for C33 PSE (--show-pse, --set-pse)
* Feature: source information for cable tests (--cable-test[-tdr])
* Feature: JSON output for module info (-m)
* Feature: misc RSS hash info improvements (-x)
* Feature: tsinfo hwtstamp provider (--{get,set}-hwtimestamp-cfg)
* Fix: fix wrong auto-negotiation state (no option)
* Fix: more explicit RSS context action (-n)
* Fix: print PHY address as decimal (no option)
* Fix: fix return value on flow hashing error (-N)
* Fix: fix JSON output for IRQ coalescing
* Fix: fix MDI-X info output (no option)
* Misc: code cleanup in module parsers
* Misc: provide module_info JSON schema
* Misc: add '-j' alias for --json
* Misc: provide AppStream metainfo XML
* Misc: update message descriptions for debugging output
Signed-off-by: Piotr Kubik <piotr.kubik@adtran.com>
Signed-off-by: Chad Monroe <chad@monroe.io>
Link: https://github.com/openwrt/openwrt/pull/18803
Signed-off-by: Robert Marko <robimarko@gmail.com>
Backport patches to support scans of WiFi 7 APs.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/18741
Signed-off-by: Robert Marko <robimarko@gmail.com>
Enable Device Provisioning Protocol (DPPv2) in hostapd
for the "full" build-variants.
DPPv2 currently does not compile with WolfSSL due to
missing PKCS7 and certificate support.
Link: https://github.com/openwrt/openwrt/pull/18485
Signed-off-by: Gustavo Bertoli <gubertoli@gmail.com>
On big endian platforms, scans show invalid info for WiFi 6 APs.
This commit backports patches to fix this issue.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/18717
Signed-off-by: Robert Marko <robimarko@gmail.com>
This fixes the following compile problem:
```
checking for asm/types.h... dsl_cpe_linux.c: In function 'DSL_CPE_ThreadInit':
dsl_cpe_linux.c:779:25: error: assignment to 'DSL_CPE_Thread_t' {aka 'int'} from 'pthread_t' {aka 'struct __pthread *'} makes integer from pointer without a cast [-Wint-conversion]
779 | pThrCntrl->tid = tid;
| ^
dsl_cpe_linux.c: In function 'DSL_CPE_ThreadDelete':
dsl_cpe_linux.c:862:44: error: passing argument 1 of 'pthread_cancel' makes pointer from integer without a cast [-Wint-conversion]
862 | switch(pthread_cancel(pThrCntrl->tid))
| ~~~~~~~~~^~~~~
| |
| DSL_CPE_Thread_t {aka int}
In file included from dsl_cpe_linux.h:35:
/builder/shared-workdir/build/staging_dir/toolchain-mips_mips32_gcc-14.2.0_musl/include/pthread.h:98:20: note: expected 'pthread_t' {aka 'struct __pthread *'} but argument is of type 'DSL_CPE_Thread_t' {aka 'int'}
98 | int pthread_cancel(pthread_t);
| ^~~~~~~~~
dsl_cpe_linux.c: In function 'DSL_CPE_ThreadIdGet':
dsl_cpe_linux.c:1123:11: error: returning 'pthread_t' {aka 'struct __pthread *'} from a function with return type 'DSL_CPE_Thread_t' {aka 'int'} makes integer from pointer without a cast [-Wint-conversion]
1123 | return pthread_self();
| ^~~~~~~~~~~~~~
```
While at it, fix also some additional build warnings.
Link: https://github.com/openwrt/openwrt/pull/18688
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Trying to compile EAD with now default GCC14 will fail due to now erroring
out on implicit int type as well as implicit function declarations.
Due to this, the packaged configure script will fail on the simple compiler
test as the generated test uses main loop with an implicit int type.
So, instead of patching multiple test cases in the shipped configure script
for tinysrp lets run autoreconf on it so its regenerated.
We also need to pass -Wno-error=implicit-function-declaration as there are
multiple instances of tinysrp code relying on implicit function declarations.
Link: https://github.com/openwrt/openwrt/pull/18645
Signed-off-by: Robert Marko <robimarko@gmail.com>
Some ISPs require the client ID to be set in the DHCP and DHCPv6
requests. OpenWrt sets the client id for IPv6 but not for IPv4 by
default.
Align this behavior between DHCPv4 and DHCPv6.
ISPs that require this measure are Deutsche Glasfaser as well as some
Entega connections.
Signed-off-by: David Bauer <mail@david-bauer.net>
Fix an issue where NCM interface initialization fails because of wrong
modem manufacturer detection.
gcom call returns an output with Windows-style line breaks (containing \r)
what makes awk call return empty or malformed manufacturer name. Changing
awk RS variable to handle both \n and \r\n as line break fixes this issue.
Fixes#17448 and #17998 GitHub issues.
Signed-off-by: Jakub Łabuz <jakub@labuz.dev>
Link: https://github.com/openwrt/openwrt/pull/18460
Signed-off-by: Robert Marko <robimarko@gmail.com>
updated 200-ubus_dns.patch
all remaining patches not required
Changelog for version 2.91 - https://thekelleys.org.uk/dnsmasq/CHANGELOG
version 2.91
Fix spurious "resource limit exceeded messages". Thanks to
Dominik Derigs for the bug report.
Fix out-of-bounds heap read in order_qsort().
We only need to order two server records on the ->serial field.
Literal address records are smaller and don't have
this field and don't need to be ordered on it.
To actually provoke this bug seems to need the same server-literal
to be repeated twice, e.g., --address=/a/1.1.1.1 --address-/a/1.1.1.1
which is clearly rare in the wild, but if it did exist it could
provoke a SIGSEGV. Thanks to Daniel Rhea for fuzzing this one.
Fix buffer overflow when configured lease-change script name
is too long.
Thanks to Daniel Rhea for finding this one.
Improve behaviour in the face of non-responsive upstream TCP DNS
servers. Without shorter timeouts, clients are blocked for too long
and fail with their own timeouts.
Set --fast-dns-retries by default when doing DNSSEC. A single
downstream query can trigger many upstream queries. On an
unreliable network, there may not be enough downstream retries
to ensure that all these queries complete.
Improve behaviour in the face of truncated answers to queries
for DNSSEC records. Getting these answers by TCP doesn't now
involve a faked truncated answer to the downstream client to
force it to move to TCP. This improves performance and robustness
in the face of broken clients which can't fall back to TCP.
No longer remove data from truncated upstream answers. If an
upstream replies with a truncated answer, but the answer has some
RRs included, return those RRs, rather than returning and
empty answer.
Fix handling of EDNS0 UDP packet sizes.
When talking upstream we always add a pseudo header, and set the
UDP packet size to --edns-packet-max. Answering queries from
downstream, we get the answer (either from upstream or local
data) If local data won't fit the advertised size (or 512 if
there's not an EDNS0 header) return truncated. If upstream
returns truncated, do likewise. If upstream is OK, but the
answer is too big for downstream, truncate the answer.
Modify the behaviour of --synth-domain for IPv6.
When deriving a domain name from an IPv6 address, an address
such as 1234:: would become 1234--.example.com, which is
not legal in IDNA2008. Stop using the :: compression method,
so 1234:: becomes
1234-0000-0000-0000-0000-0000-0000-0000.example.com
Fix broken dhcp-relay on *BSD. Thanks to Harold for finding
this problem.
Add --dhcp-option-pxe config. This acts almost exactly like
--dhcp-option except that the defined option is only sent when
replying to PXE clients. More importantly, these options are sent
in reply PXE clients when dnsmasq in acting in PXE proxy mode. In
PXE proxy mode, the set of options sent is defined by the PXE standard
and the normal set of options is not sent. This config allows arbitrary
options in PXE-proxy replies. A typical use-case is to send option
175 to iPXE. Thanks to Jason Berry for finding the requirement for
this.
Support PXE proxy-DHCP and DHCP-relay at the same time.
When using PXE proxy-DHCP, dnsmasq supplies PXE information to
the client, which also talks to another "normal" DHCP server
for address allocation and similar. The normal DHCP server may
be on the local network, but it may also be remote, and accessed via
a DHCP relay. This change allows dnsmasq to act as both a
PXE proxy-DHCP server AND a DHCP relay for the same network.
Fix erroneous "DNSSEC validated" state with non-DNSSEC
upstream servers. Thanks to Dominik Derigs for the bug report.
Handle queries with EDNS client subnet fields better. If dnsmasq
is configured to add an EDNS client subnet to a query, it is careful
to suppress use of the cache, since a cached answer may not be valid
for a query with a different client subnet. Extend this behaviour
to queries which arrive a dnsmasq already carrying an EDNS client
subnet.
Handle DS queries to auth zones. When dnsmasq is configured to
act as an authoritative server and has an authoritative zone
configured, and receives a query for that zone _as_forwarder_
it answers the query directly rather than forwarding it. This
doesn't affect the answer, but it saves dnsmasq forwarding the
query to the recursor upstream, which then bounces it back to dnsmasq
in auth mode. The exception should be when the query is for the root
of zone, for a DS RR. The answer to that has to come from the parent,
via the recursor, and will typically be a proof-of-non-existence
since dnsmasq doesn't support signed zones. This patch suppresses
local answers and forces forwarding to the upstream recursor for such
queries. It stops breakage when a DNSSEC validating client makes
queries to dnsmasq acting as forwarder for a zone for which it is
authoritative.
Implement "DNS-0x20 encoding", for extra protection against
reply-spoof attacks. Since DNS queries are case-insensitive,
it's possible to randomly flip the case of letters in a query
and still get the correct answer back.
This adds an extra dimension for a cache-poisoning attacker
to guess when sending replies in-the-blind since it's expected
that the legitimate answer will have the same pattern of upper
and lower case as the query, so any replies which don't can be
ignored as malicious. The amount of extra entropy clearly depends
on the number of a-z and A-Z characters in the query, and this
implementation puts a hard limit of 32 bits to make resource
allocation easy. This about doubles entropy over the standard
random ID and random port combination. This technique can interact
badly with rare broken DNS servers which don't preserve the case
of the query in their reply. The first time a reply is returned
which matches the query in all respects except case, a warning
will be logged. In this release, 0x020-encoding is default-off
and must be explicitly enabled with --do-0x20-encoding. In future
releases it may default on. You can avoid a future release
changing the behaviour of an installation with --no-x20-encode.
Fix a long-standing problem when two queries which are identical
in every repect _except_ case, get combined by dnsmasq. If
dnsmasq gets eg, two queries for example.com and Example.com
in quick succession it will get the answer for example.com from
upstream and send that answer to both requestors. This means that
the query for Example.com will get an answer for example.com, and
in the modern DNS, that answer may not be accepted.
Signed-off-by: Rudy Andram <rmandrad@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18357
Signed-off-by: Robert Marko <robimarko@gmail.com>
Some ath12k radios can take long time to initialize and register a
phy. This can cause netifd to fail to detect them during initial scan.
To address this issue, a hotplug script has been added to retry
configuration once they have registered their phy.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Link: https://github.com/openwrt/openwrt/pull/18459
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
lldpd can send several hardware inventory TLV fields. Extend the init
script to provide these when the existing flag 'lldpmed_no_inventory' is
disabled. Five new methods provide default values for some of them,
taken from /etc/os-release and /etc/board.json.
There is no homogeneous method to determine the hardware serial number,
so it can be provided manually, as can asset ID.
Note: properties >= 32 characters are truncated at send time (by lldpd),
and some (Cisco) equipment displays junk after strings >= 32 characters.
So truncate to 31.
Tested on: 24.10.0 (known compatible with 22 and 23 also)
===
Example
===
The following lldpd config lines:
configure inventory hardware-revision "v0"
configure inventory software-revision "r28427-6df0e3d02a"
configure inventory firmware-revision "OpenWrt 24.10.0"
configure inventory serial-number "ABCDEF-123456"
configure inventory manufacturer "glinet"
configure inventory model "GL.iNet GL-MT6000"
# 32 characters:
configure inventory asset "abcdefghijklmnopqrstuvwxyz 12345"
Produce the following TLV (decoded by Wireshark):
Telecommunications Industry Association TR-41 Committee - Inventory - Hardware Revision
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0000 0110 = TLV Length: 6
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Hardware Revision (0x05)
Hardware Revision: v0
Telecommunications Industry Association TR-41 Committee - Inventory - Firmware Revision
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0001 0011 = TLV Length: 19
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Firmware Revision (0x06)
Firmware Revision: OpenWrt 24.10.0
Telecommunications Industry Association TR-41 Committee - Inventory - Software Revision
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0001 0101 = TLV Length: 21
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Software Revision (0x07)
Software Revision: r28427-6df0e3d02a
Telecommunications Industry Association TR-41 Committee - Inventory - Serial Number
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0001 0100 = TLV Length: 20
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Serial Number (0x08)
Serial Number: ABCDEF-123456
Telecommunications Industry Association TR-41 Committee - Inventory - Manufacturer Name
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0000 1010 = TLV Length: 10
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Manufacturer Name (0x09)
Manufacturer Name: glinet
Telecommunications Industry Association TR-41 Committee - Inventory - Model Name
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0001 0101 = TLV Length: 21
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Model Name (0x0a)
Model Name: GL.iNet GL-MT6000
Telecommunications Industry Association TR-41 Committee - Inventory - Asset ID
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0010 0011 = TLV Length: 35
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Asset ID (0x0b)
Asset ID: abcdefghijklmnopqrstuvwxyz 1234
The Cisco DUT displays:
Hardware Revision: v0
Firmware Revision: OpenWrt 24.10.0
Software Revision: r28427-6df0e3d02a
Serial Number: ABCDEF-123456
Manufacturer Name: glinet
Model Name: GL.iNet GL-MT6000
Asset ID: abcdefghijklmnopqrstuvwxyz 1234
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18354
Signed-off-by: Robert Marko <robimarko@gmail.com>
For WIFI7 devices (such as mt7925e), the dev width is currently
always "20 MHz (no HT)" in monitor mode.
Add EHT and HE160 support to iw_htmode to fix this issue.
Additionally, the following changes are made:
1. Set iw_htmode to 160MHz for VHT160. The reason for the current
VHT160 setting is unclear and seems to have been in place for
over a decade (ibss_htmode [1]). If anyone knows its impact,
please inform me so I can restore it.
2. Modify MHZ to MHz. The original matching table in the current
iw tool uses MHz. Although the match is case-insensitive,
correcting this won't hurt.
[1]: 768d09be87
Signed-off-by: Ming Kuang <ming@imkuang.com>
Link: https://github.com/openwrt/openwrt/pull/18319
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
b6e5157527d3 fw4: fix reading kernel version
42d3b3d4ca21 fw4: allow family any for ipsets not matching IP addresses
edfdfc6df484 Revert "fw4: allow family any for ipsets not matching IP addresses"
97962771aa3c config: drop to-be-forwarded-nowhere packets on wans
00fc6943a297 init: remove unnecessary stop logic
ad3cba79c192 fw4: allow family any for ipsets not matching IP addresses
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
[fix PKG_MIRROR_HASH]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18283
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes:
- Support of both Apple Silicon and Intel for macOS package.
- Add cvlan/svlan/tpmr capabilities.
- Disable LLDP in firmware for Intel X7xx cards on FreeBSD.
- Add lldpctl_watch_sync_unblock to liblldpctl.
- Add C++ wrapper for lldpctl.
Fix:
- Fix AppArmor policy for /run/lldpd/lldpd.socket.lock.
- Do not query stats for a down interface on Linux.
```
# lldpd -vv
lldpd 1.0.19
Built on 2025-03-24T17:43:44Z
Additional LLDP features: LLDP-MED, Dot1, Dot3, Custom TLV
Additional protocols: CDP, FDP, EDP, SONMP
SNMP support: no
Old kernel support: no (Linux 2.6.39+)
Privilege separation: enabled
Privilege separation user: lldp
Privilege separation group: lldp
Privilege separation chroot: /var/run/lldp
Configuration directory: /tmp
C compiler command: C compiler command is not available for reproducible builds
Linker command: Linker compiler command is not available for reproducible builds
```
Tested on: 24.10.0
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18345
Signed-off-by: Nick Hainke <vincent@systemli.org>
With this patch, iw can now scan APs in the 6 GHz band and shows
their operation parameters:
~~~
6 Ghz Operation Information: 0x0103070f06
Primary Channel: 1
Channel Width: 80+80 or 160 MHz
Regulatory Info: 0
Center Frequency Segment 0: 7
Center Frequency Segment 1: 15
Minimum Rate: 6
~~~
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/18240
Signed-off-by: Robert Marko <robimarko@gmail.com>
Do not verify the format of TLV. Leave that to lldpd.
These lldpd config entries:
config custom-tlv
list ports 'eth0'
option tlv 'replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55'
config custom-tlv
option tlv 'oui 33,44,44 subtype 232'
list ports 'br-lan'
list ports 'eth0'
config custom-tlv # oui-info truncated
option tlv 'add oui 33,44,33 subtype 66 oui-info 5555555555'
config custom-tlv
option tlv 'add oui 33,44,31 subtype 44'
config custom-tlv # invalid oui
option tlv 'add oui 3322 subtype 79'
config custom-tlv # invalid oui
option tlv 'oui 3312 subtype 74'
Produce the following lldpd.conf content:
configure ports eth0 lldp custom-tlv replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55
configure ports br-lan,eth0 lldp custom-tlv oui 33,44,44 subtype 232
configure lldp custom-tlv add oui 33,44,33 subtype 66 oui-info 5555555555
configure lldp custom-tlv add oui 33,44,31 subtype 44
configure lldp custom-tlv add oui 3322 subtype 79
configure lldp custom-tlv oui 3312 subtype 74
And lldpd (v1.0.13 on v22) logs the following:
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op replace oui 33:44:55 subtype fe
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:44 subtype e8
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3322'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3312'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: lldpd should resume operations
( The last two TLV are invalid: their oui must be three hex bytes, comma
separated. Only the first hex byte of oui-info 5555555555 is used )
Depends on #14867 and its release version bump
Tested on: 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14872
Signed-off-by: Robert Marko <robimarko@gmail.com>
where csv = comma separated value(s)
Make the function more generic. Can use it for not only 'config'.
Now it can be used to parse interfaces for additional lldpd settings,
e.g. custom-tlv.
Tested on: 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14872
Signed-off-by: Robert Marko <robimarko@gmail.com>
This service automatically establishes connections to any hosts that are members
of the same unet network, and allows publish/subscribe exchanges via ubus channels.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This does not actually create a new private key. Instead, the salt is replaced,
and a xor key is generated which when merged with the key derived from the new
password transforms into the original private key.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Currently, logging level of the RADIUS server is a constant corresponding
to the highest verbosity (EXCESSIVE, ALL), but when running as a system
service, the output is discarded.
This commit makes logging verbosity configurable by `log_level` option
and redirects all logs to `logd`. Possible levels are defined in hostap
sources:
https://w1.fi/cgit/hostap/tree/src/utils/wpa_debug.h?id=012a893c469157d5734f6f33953497ea6e3b0169#n23
Their reference is inlined in `radius.config` file.
Default value for logging verbosity is INFO (even if the `-l` flag isn't
specified).
Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
Link: https://github.com/openwrt/openwrt/pull/18089
Signed-off-by: Robert Marko <robimarko@gmail.com>
Even though IPv6 support for hostapd RADIUS server is implemented
(flag `-6`), it's not possible to enable it from configuration.
This commit adds this option and adapts init script.
Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
Link: https://github.com/openwrt/openwrt/pull/18089
Signed-off-by: Robert Marko <robimarko@gmail.com>
d8b43985e4d7 ubus: fix token_create policy
7326459bd743 ubus: dump service information on network_get
6c9c8fbd8128 service: add @all as alias for all members, unless defined differently
Signed-off-by: Felix Fietkau <nbd@nbd.name>
`ucv_array_set` releases the array's reference to the object being cleared.
If this is the last reference to the object, it will be freed, making our
pointer `val` invalid.
To avoid this, we need to obtain our own reference to the object so we
can safely return `val`.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Since `wpa_ucode_registry_add` collects its own reference to the values added, the
two functions `hostapd_ucode_bss_get_uval` and `hostapd_ucode_iface_get_uval` would
sometimes return a referenced object (from `uc_resource_new`) and sometimes return
an unreferenced object (from `wpa_ucode_registry_get`). Now, both functions always
return a referenced object.
This change also indirectly fixes `hostapd_ucode_bss_get_uval`, ensuring it now
always returns a referenced object.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Remove extra ucv_get calls when passing a referenced value to an object
without using it further.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a common reference counting bug typically along the lines of:
```
uc_value_push(ucv_get(ucv_string_new(...)));
```
This would leave our new string with a reference count of 2, one from
the construction of the string, the other from `ucv_get`. This would
prevent the strings from being correctly cleaned up when it goes out
of scope.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
75a236be122a service: add missing null pointer check
f5341f327539 ubus: add api for generating and validating security tokens
3fab99eab4d5 add udebug support
28d86bd30e97 pex: only respond to update requests when we have network data
8e6f37cc361e pex-msg: ignore no-data responses if version is zero
12e6cf7f63e1 pex: create pex host from update responses
edc8fdae463a ubus: show the local addresses in network status
Signed-off-by: Felix Fietkau <nbd@nbd.name>
ethtool since version 6.9 introduced support for getting/setting RSS
input transformation supported in Linux since version 6.8.
The now changed kernel ioctl ABI, however, cannot be detected from
userland, and ethtool since version 6.9 simply assumes that a previously
reserved field is now used to set the input transformation.
Unfortunately the default value RXH_XFRM_NO_CHANGE (0xff) used by ethtool
userland creates an incompatibility with older kernels which cannot be
resolved easily without introducing even more ABI breakage.
Work-around the issue and fix support for --set-rxfh and --set-rxfh-indir
ethtool userland tool commands by making the support for input_xfrm
conditional on compile time, and keep it disabled for Linux 6.6.
Fixes: 8c2dcd1518 ("ethtool: update to 6.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update iproute2 to 6.13.
Release notes:
https://lwn.net/ml/all/20250120194053.3744d96b@hermes.local/
Allows us to drop multiple upstreamed patches:
package/network/utils/iproute2/patches/013-endian.h.patch
package/network/utils/iproute2/patches/014-basename.patch
package/network/utils/iproute2/patches/015-limits.h.patch
package/network/utils/iproute2/patches/016-limits.h.patch
package/network/utils/iproute2/patches/017-linux-limits.patch
package/network/utils/iproute2/patches/018-linux-limits.patch
Link: https://github.com/openwrt/openwrt/pull/18067
Signed-off-by: Robert Marko <robimarko@gmail.com>
On exit, the app tries to do an orderly shutdown of the DSL connection
before it is stopped forcibly. Since the driver does 3 attempts with a
timeout of 2 seconds each, this might take about 6 seconds in the worst
case.
This is problematic on sysupgrade, because any process that doesn't exit
within 4 seconds is killed. This means that the DSL connection might not
be stopped at all before the actual system upgrade begins.
To avoid this, use the newly added option in the driver to not retry the
L3 request on failure.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250130102108.1606919-3-jan@3e8.eu/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
he_spr_psr_enabled is appended to hostapd.conf if it's enabled, but hostapd
doesn't support this config, it should be used as an internal flag to control
the he_spr_sr_control configuring.
Signed-off-by: Lix Zhou <xeontz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18025
Signed-off-by: John Crispin <john@phrozen.org>
On some devices, the rx/tx bitrate may not always be available
right away, or at all when in mesh mode at plink is blocked causing
the following:
```
Reference error: left-hand side expression is null
In assoclist(), file /usr/share/ucode/iwinfo.uc, line 321, byte 46:
called from function info (/usr/share/ucode/iwinfo.uc:427:33)
called from anonymous function (/usr/bin/iwinfo:108:25)
` bitrate_raw: station.sta_info.tx_bitrate.bitrate,`
Near here -----------------------------------------------^
Reference error: left-hand side expression is null
In assoclist(), file /usr/share/ucode/iwinfo.uc, line 314, byte 54:
called from function info (/usr/share/ucode/iwinfo.uc:427:33)
called from anonymous function (/usr/bin/iwinfo:108:25)
` bitrate: format_rate(station.sta_info.rx_bitrate.bitrate),`
Near here -------------------------------------------------------^
Reference error: left-hand side expression is null
In assoc_flags(), file /usr/share/ucode/iwinfo.uc, line 216, byte 12:
called from function assoclist (/usr/share/ucode/iwinfo.uc:323:51)
called from function info (/usr/share/ucode/iwinfo.uc:427:33)
called from anonymous function (/usr/bin/iwinfo:108:25)
` if (data[k])`
Near here -------^
```
This was seen on Linksys MX5300 in mesh mode (QCA9984).
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18027
Signed-off-by: John Crispin <john@phrozen.org>
* Add missing parentheses in the conditionals for VHT160/VHT160-80PLUS80
and VHT_MAX_MPDU capabilities. The missing parentheses caused the bitwise
AND to be evaluated after the equality comparison due to ECMA's operator
precedence, where `==` has higher precedence than `&`.
* Fix Max MPDU length detection by changing the comparison operators to
`>=` vs `>` otherwise the condition would never be met.
* Add missing default values:
- `true` value for `short_gi_80` (As it exists for `short_gi_20`, `short_gi_40`, `short_gi_160`)
- `7` for `vht_max_mpdu` (Without it the loop in MAX-MPDU-* calculation always compares with null)
* Change the `vht160` condition to `config.vht160 <= 2`. This flag is
`2` by default, and only ever set to `0` when `vht_oper_chwidth < 2`.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18013
Signed-off-by: John Crispin <john@phrozen.org>
Notation for RX-STBC VHT capabilities when specifying number of spatial
streams should be hyphenated, e.g. RX-STBC-1, RX-STBC-2. HT capabilities
use without hyphen, e.g. RX-STBC1, RX-STBC2. This is consistent with
what hostapd expects.
```c
static int hostapd_config_ht_capab(struct hostapd_config *conf,
const char *capab)
{
if (os_strstr(capab, "[RX-STBC1]")) {
conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
conf->ht_capab |= HT_CAP_INFO_RX_STBC_1;
}
if (os_strstr(capab, "[RX-STBC12]")) {
conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
conf->ht_capab |= HT_CAP_INFO_RX_STBC_12;
}
if (os_strstr(capab, "[RX-STBC123]")) {
conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
conf->ht_capab |= HT_CAP_INFO_RX_STBC_123;
}
}
static int hostapd_config_vht_capab(struct hostapd_config *conf,
const char *capab)
{
if (os_strstr(capab, "[RX-STBC-1]"))
conf->vht_capab |= VHT_CAP_RXSTBC_1;
if (os_strstr(capab, "[RX-STBC-12]"))
conf->vht_capab |= VHT_CAP_RXSTBC_2;
if (os_strstr(capab, "[RX-STBC-123]"))
conf->vht_capab |= VHT_CAP_RXSTBC_3;
if (os_strstr(capab, "[RX-STBC-1234]"))
}
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18013
Signed-off-by: John Crispin <john@phrozen.org>
When selecting channels above 100 in VHT160+ modes the center
frequency segment was incorrectly set to 50, causing the interface
to not come up.
Change logic to instead check if the channel is within ±28 channels
of the intended center, which matches the actual 160+ MHz channel
width specification for VHT160, HE160, and EHT160.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18013
Signed-off-by: John Crispin <john@phrozen.org>
This vastly simplifies creating and managing unet networks.
It also adds support for the unetd protocol for onboarding new nodes
over the network.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Depending on the config / circumstances, the get_psk call can be called
multiple times from differnt places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs
Fixes: b2a2c28617 ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The 00 address_mask needs to be inverted, otherwise the mac address
allocation will modify the last byte instead of the first one.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Unless another toolchain is present (or selected), build the bpf toolchain
whenever a package is selected that needs it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
9ff15f7ee3a0 devices: add device id for MediaTek MT7992E
94b3a3c1a6c4 devices: add device id for Qualcomm Atheros IPQ5018
9cec6b4dd2df devices: add device id for Qualcomm Atheros QCN6122
Link: https://github.com/openwrt/openwrt/pull/17878
Signed-off-by: Robert Marko <robimarko@gmail.com>
322500403615 service: add default group @ to match all nodes
5f7860306200 ubus: rename unetd_ubus_notify to unetd_ubus_network_notify
d13752814651 enroll: add PEX sub-protocol to support enrolling new nodes into a network
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Version 6.11 - October 8, 2024
* Feature: cmis: print active and inactive firmware versions
* Feature: flash transceiver module firmware (--flash-module-firmware)
* Feature: add T1BRR 10Mb/s mode to link mode tables
* Feature: support for disabling netlink from command line
* Fix: fix lanes parameter format specifier
* Fix: add missing clause 33 PSE manual description
* Fix: qsf: Better handling of Page A2h netlink read failure
* Fix: rss: retrieve ring count using ETHTOOL_GRXRINGS ioctl (-x)
* Misc: man page formatting fix
* changelog here: https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/NEWS?id=c0ea4b70c71334ef038f7a3416b228a50dada406
Tested on gl.inet MT6000, retrieve ring count is now working
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17607
Signed-off-by: Robert Marko <robimarko@gmail.com>
Some platforms a single ethernet device for all ports with multiple rx rings
and NAPI threading enabled. In this case, the steering script was limiting
performance by keeping all NAPI threads assigned to the same CPU.
Fix this by assigning each rx queue and the corresponding NAPI task separately.
Additionally, if the number of rx queues is at least as big as the number of
CPUs, skip weight based assignment and distribute the load across all CPUs
directly.
Fixes: https://github.com/openwrt/openwrt/issues/17611
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The lldp_class and lldp_location config option are only valid when
compiled with LLDP-MED support. If not they will cause lldpd not to
start.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17571
Signed-off-by: Robert Marko <robimarko@gmail.com>
It needs to be opt-in instead of opt-out, since there is no reliable way to
determine if the extra background radar chain has an antenna connected.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Changes (breaking):
- Remove support for building 802.3bt TLVs (broken).
Fix:
- Fix memory leaks in EDP/FDP decoding when receiving some TLVs twice.
- Do not set interface description continuously.
- Use a different Netlink socket for changes and queries.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17570
Signed-off-by: Robert Marko <robimarko@gmail.com>
Without this patch, we get the following error:
Mon Dec 23 11:35:44 2024 daemon.err hostapd: nl80211: kernel reports: integer out of range
As updating hostapd would be too complex and requires further testing,
we backport this simple upstream fix instead.
Fixes: https://github.com/openwrt/openwrt/issues/16680
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17590
Signed-off-by: Petr Štetiar <ynezz@true.cz>
