This release incorporates the following bug fixes and mitigations:
Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
(CVE-2026-31790)
Fixed loss of key agreement group tuple structure when the DEFAULT keyword
is used in the server-side configuration of the key-agreement group list.
(CVE-2026-2673)
Fixed potential use-after-free in DANE client code.
(CVE-2026-28387)
Fixed NULL pointer dereference when processing a delta CRL.
(CVE-2026-28388)
Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
(CVE-2026-28389)
Fixed possible NULL dereference when processing CMS
KeyTransportRecipientInfo.
(CVE-2026-28390)
Fixed heap buffer overflow in hexadecimal conversion.
(CVE-2026-31789)
No need refresh patches
Signed-off-by: Jack Sun <sunjiazheng321521@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22847
Signed-off-by: Robert Marko <robimarko@gmail.com>
The rss-input-xfrm workaround for Linux 6.6 is no longer needed with
current kernel versions. Remove the patch and the associated
--enable-rss-input-xfrm configure flag.
Link: https://github.com/openwrt/openwrt/pull/22841
Signed-off-by: Nick Hainke <vincent@systemli.org>
The highlight of this version is that the bl2 size will be reduced
by 60+ KB. The MT7987 SPI interface selection hack was replaced by
upstream implementation with the new symbol SPIM_NAND_PREFER_SPI2.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Migrate timer handling (removed in 6.13) and netdev dummy initialization
(removed in 6.16) to new methods with guards to not break older kernels.
This resolves compilation errors due to missing del_timer_sync(),
from_timer() and init_dummy_netdev().
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
Link: https://github.com/openwrt/openwrt/pull/22775
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This version fixes some security problems:
* Client impersonation while resuming a TLS 1.3 session
(CVE-2026-34873)
* Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871)
* PSA random generator cloning (CVE-2026-25835)
* Compiler-induced constant-time violations (CVE-2025-66442)
* Null pointer dereference when setting a distinguished name
(CVE-2026-34874)
* Buffer overflow in FFDH public key export (CVE-2026-34875)
* FFDH: lack of contributory behaviour due to improper input validation
(CVE-2026-34872)
* Signature Algorithm Injection (CVE-2026-25834)
* CCM multipart finish tag-length validation bypass (CVE-2026-34876)
* Risk of insufficient protection of serialized session or context data
leading to potential memory safety issues (CVE-2026-34877)
* Buffer underflow in x509_inet_pton_ipv6() (CVE-2026-25833)
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6
Size increases by 470 bytes on aarch64:
343995 bin/packages/aarch64_generic/base/libmbedtls21-3.6.5-r1.apk
344465 bin/packages/aarch64_generic/base/libmbedtls21-3.6.6-r1.apk
Link: https://github.com/openwrt/openwrt/pull/22787
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Include the column utility to allow simple formatting of columnar
output.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22782
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Version 6.19 - Feb 14, 2026
* Feature: support HW timestamp configuration (--set-hwtimestamp-cfg)
* Feature: display HW timestamp source (-T)
* Feature: support PLCA notifications (--get/set-plca-cfg)
* Feature: add PSE priority management support (--show/set-pse)
* Feature: support PSE notifications (--show/set-pse)
* Feature: support configuring RSS on IPv6 Flow Label (-n/-N)
* Feature: support FEC bit error histograms (--show-fec)
* Feature: register dump decoding for TI K3 CPSW and its ALE table (-d)
* Fix: fix missing headers in text output
* Fix: fix print_string when the value is NULL (-Werror=format-security)
* Fix: fix JSON output of SFP diagnostics
* Fix: fix duplicated JSON keys in module info
* Misc: clarify that symmetric RSS may be on by default (-x/-X)
* Misc: add AppStream metainfo file to %files section
Link: https://github.com/openwrt/openwrt/pull/22780
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add missing dependency kmod-ptp to fix the build error. We also
add symbol CONFIG_PTP_1588_CLOCK_OPTIONAL explicitly for kmod-ptp
because it is selected by CONFIG_PTP_1588_CLOCK. Fix:
Package kmod-iavf is missing dependencies for the following libraries:
ptp.ko
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22730
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cryptd has been decoupled from crypto-misc in the 6.18 kernel. Fix:
ERROR: module '/home/runner/work/Actions_/Actions_/openwrt/build_dir/target-i386_pentium4_musl/linux-x86_generic/linux-6.18.20/crypto/cryptd.ko' is missing.
make[3]: *** [modules/crypto.mk:873: /home/runner/work/Actions_/Actions_/openwrt/bin/targets/x86/generic/packages/kmod-crypto-misc-6.18.20-r1.apk] Error 1
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22730
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
MediaTek T-PHY controller supports multiple usb2.0, usb3.0 ports,
PCIe and SATA. ARM mediatek and ramips/mt7621 targets require this
package to make the XHCI work properly.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22094
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This was replaced upstream with a proper rng device that feeds into
/dev/random. No need for this anymore.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22766
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ucode path generates different erp_domain and fils_cache_id
values than the legacy shell path due to three mismatches:
1. erp_domain md5 input missing trailing newline (echo adds \n)
2. erp_domain output truncated to 4 chars instead of 8 (shell
uses head -c 8)
3. fils_cache_id md5 input missing trailing newline
4. erp_domain missing fallback to mobility_domain
Same bug pattern as mobility_domain fixed in commit b1dc2736db.
Fixes: #21768
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Joshua Klinesmith <joshuaklinesmith@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22677
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Export the unique, monotonic DISKSEQ sequence drive number instead of its
major/minor numbers to identify the boot disk and directly match the partition
in export_partdevice with PARTN.
The MINOR blockdevice numbers are not guaranteed sequential across disks, it
can happen that disks enumerate before their partitions are probed, resulting
in interleaved MINOR numbers breaking the partition offset calculation:
major minor #blocks name
259 0 250059096 nvme0n1
259 2 8192 nvme0n1p1
259 3 491520 nvme0n1p2
259 4 239 nvme0n1p128
259 1 250059096 nvme1n1
259 5 250057728 nvme1n1p1
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Link: https://github.com/openwrt/openwrt/pull/18962
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add some of the more current 4G and 5G modems.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link: https://github.com/openwrt/openwrt/pull/13426
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The conditional runtime dependency on the ip package was originally
intended to only pull in the ip package when busybox ip is not
configured. However, in APK-based builds the BUSYBOX_CONFIG_*
variables may not be resolvable at package metadata generation
time, causing the ip dependency to be unconditionally baked into
the .apk package. This forces users to install ip-tiny or ip-full
even though busybox already provides the ip command.
Revert to the previous +@BUSYBOX_CONFIG_IP / +@BUSYBOX_CONFIG_FEATURE_IP_LINK
kconfig-level dependencies. These ensure busybox ip support is
enabled at config time without creating a runtime package dependency.
Both options default to y, and wireguard.uc only uses basic
ip link commands that busybox fully supports.
Fixes: openwrt#22637
Signed-off-by: Anand Kumar <anandvtu16158@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22652
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add ability to read u-boot-env partition as sys env
for Zyxel EX5601 and WX5600 with custom partitions.
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22670
Signed-off-by: Robert Marko <robimarko@gmail.com>
libunwind solves these in different ways.
ppc-musl is still pending upstream.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21057
Signed-off-by: Robert Marko <robimarko@gmail.com>
The rtl8812au-ct driver is obsolete and replaced by rtw88. It will need
tons of work to compile against 6.18 so for now limit it to 6.12.
Co-authored-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Update module files for kernel 6.18
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Update module files for kernel 6.18
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Replace the two-step hrtimer initialization pattern with a single
consolidated call to hrtimer_setup().
The legacy approach of calling hrtimer_init() followed by manual
assignment to timer.function is deprecated. The new hrtimer_setup()
helper atomically initializes the timer and assigns the callback
function in one operation, eliminating the race-prone intermediate
state where the timer is initialized but lacks a handler.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Reintroduce old-style debugfs file_operations for kernels < 6.14 and
switch the drivers to use debugfs_short_fops + debugfs_create_file_aux
on >= 6.14. This restores compatibility with older kernels while keeping
the new debugfs API working on 6.14+.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
This patch set introduces support for using the in-tree (mainline)
EIP93 crypto driver for kernel 6.18 and later, along with additional
improvements and fixes:
- Conditional Kconfig/Makefile handling for crypto-hw-eip93 to enable use of the mainline driver with kernel 6.18+.
- Patch 926: Use software AES fallback for small requests in the EIP93 driver.
- Patch 927: Add `mediatek,mtk-eip93` compatible string for upstream kernel device trees.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add a config option for the 6.18 series of kernels
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Change GPIOF_ACTIVE_LOW to gpiod_toggle_active_low
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Backport upstream driver and apply pending downstream patches to
support using the MaxLinear MxL86252 and MxL86282 switches.
The driver supports a native proprietary 8-byte DSA special tag format
(mxl862xx) as well as using an 802.1Q-based DSA tag (mxl862xx-8021q).
All basic bridge, VLAN and LAG operations are supported. A single port
can be used as mirror port. Hardware counters are made available as
ethtool stats or directly serve as interface counters (bytes,
packets).
The switch runs a complex ZephyrOS-based firmware on an integrated
ARC microcontroller, the driver uses the firmware management API over
MDIO to interact with the switch hardware.
Note that the firmware needs to be rather recent (WSP 1.0.78 or later)
to work well with this driver. It can be updated at runtime using devlink.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This allows us to use the full size of nand,
which extends ubi size from 64Mb to 122.25Mb.
1. Log in to the device and backup all the partitions,
especially unique "Factory" and "bdata" partitions
from System -> Backup / Flash Firmware -> Save mtdblock contents.
2. Install kmod-mtd-rw to unlock mtd partitions for writing
apk update && apk add kmod-mtd-rw && insmod mtd-rw i_want_a_brick=1
3. Write new OpenWrt (U-Boot Layout) "BL2" and "FIP":
mtd -e BL2 write openwrt-mediatek-filogic-cudy_wr3000h-v1-ubootmod-preloader.bin BL2
mtd -e FIP write openwrt-mediatek-filogic-cudy_wr3000h-v1-ubootmod-bl31-uboot.fip FIP
4. Set static IP on your PC: "192.168.1.254", gateway "192.168.1.1"
5. Serve openwrt-mediatek-filogic-cudy_wr3000h-v1-ubootmod-initramfs-recovery.itb
using TFTP server.
6. Connect Router LAN with PC LAN.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt initramfs recovery has booted,
clean "/dev/mtd5" ubi partition to utilize maximum of free space:
ubidetach -p /dev/mtd5; ubiformat /dev/mtd5 -y; ubiattach -p /dev/mtd5
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Perform sysupgrade.
Signed-off-by: Dmitry Mostovoy <stavultras@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21943
Signed-off-by: Robert Marko <robimarko@gmail.com>
This allows us to use the full size of nand,
which extends ubi size from 64Mb to 122.25Mb.
1. Log in to the device and backup all the partitions,
especially unique "Factory" and "bdata" partitions
from System -> Backup / Flash Firmware -> Save mtdblock contents.
2. Install kmod-mtd-rw to unlock mtd partitions for writing
apk update && apk add kmod-mtd-rw && insmod mtd-rw i_want_a_brick=1
3. Write new OpenWrt (U-Boot Layout) "BL2" and "FIP":
mtd -e BL2 write openwrt-mediatek-filogic-cudy_wr3000e-v1-ubootmod-preloader.bin BL2
mtd -e FIP write openwrt-mediatek-filogic-cudy_wr3000e-v1-ubootmod-bl31-uboot.fip FIP
4. Set static IP on your PC: "192.168.1.254", gateway "192.168.1.1"
5. Serve openwrt-mediatek-filogic-cudy_wr3000e-v1-ubootmod-initramfs-recovery.itb
using TFTP server.
6. Connect Router LAN with PC LAN.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt initramfs recovery has booted,
clean "/dev/mtd5" ubi partition to utilize maximum of free space:
ubidetach -p /dev/mtd5; ubiformat /dev/mtd5 -y; ubiattach -p /dev/mtd5
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Perform sysupgrade.
Signed-off-by: Dmitry Mostovoy <stavultras@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21943
Signed-off-by: Robert Marko <robimarko@gmail.com>
This allows us to use the full size of nand,
which extends ubi size from 64Mb to 122.25Mb.
1. Log in to the device and backup all the partitions,
especially unique "Factory" and "bdata" partitions
from System -> Backup / Flash Firmware -> Save mtdblock contents.
2. Install kmod-mtd-rw to unlock mtd partitions for writing
apk update && apk add kmod-mtd-rw && insmod mtd-rw i_want_a_brick=1
3. Write new OpenWrt (U-Boot Layout) "BL2" and "FIP":
mtd -e BL2 write openwrt-mediatek-filogic-cudy_wr3000s-v1-ubootmod-preloader.bin BL2
mtd -e FIP write openwrt-mediatek-filogic-cudy_wr3000s-v1-ubootmod-bl31-uboot.fip FIP
4. Set static IP on your PC: "192.168.1.254", gateway "192.168.1.1"
5. Serve openwrt-mediatek-filogic-cudy_wr3000s-v1-ubootmod-initramfs-recovery.itb
using TFTP server.
6. Connect Router LAN with PC LAN.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt initramfs recovery has booted,
clean "/dev/mtd5" ubi partition to utilize maximum of free space:
ubidetach -p /dev/mtd5; ubiformat /dev/mtd5 -y; ubiattach -p /dev/mtd5
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Perform sysupgrade.
Signed-off-by: Dmitry Mostovoy <stavultras@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21943
Signed-off-by: Robert Marko <robimarko@gmail.com>
This allows us to use the full size of nand,
which extends ubi size from 64Mb to 122.25Mb.
1. Log in to the device and backup all the partitions,
especially unique "Factory" and "bdata" partitions
from System -> Backup / Flash Firmware -> Save mtdblock contents.
2. Install kmod-mtd-rw to unlock mtd partitions for writing
apk update && apk add kmod-mtd-rw && insmod mtd-rw i_want_a_brick=1
3. Write new OpenWrt (U-Boot Layout) "BL2" and "FIP":
mtd -e BL2 write openwrt-mediatek-filogic-cudy_wr3000p-v1-ubootmod-preloader.bin BL2
mtd -e FIP write openwrt-mediatek-filogic-cudy_wr3000p-v1-ubootmod-bl31-uboot.fip FIP
4. Set static IP on your PC: "192.168.1.254", gateway "192.168.1.1"
5. Serve openwrt-mediatek-filogic-cudy_wr3000p-v1-ubootmod-initramfs-recovery.itb
using TFTP server.
6. Connect Router LAN with PC LAN.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt initramfs recovery has booted,
clean "/dev/mtd5" ubi partition to utilize maximum of free space:
ubidetach -p /dev/mtd5; ubiformat /dev/mtd5 -y; ubiattach -p /dev/mtd5
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Perform sysupgrade.
Signed-off-by: Dmitry Mostovoy <stavultras@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21943
Signed-off-by: Robert Marko <robimarko@gmail.com>
Since there are some similar devices from Cudy (only WR3000P now)
this will allow to create OpenWrt U-Boot layout for all of them
using same DDR4 target.
Signed-off-by: Dmitry Mostovoy <stavultras@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21943
Signed-off-by: Robert Marko <robimarko@gmail.com>
Doesn't make sense to have he_twt_required enabled without
he_twt_respodner.
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/22577
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In hostapd conf this option is set to 1 by default.
Then it's set to 0 if the HE MAC capability bit is not present.
Add an option in wifi-scripts to manually control it.
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/22577
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
a665659dee50 wifi: mt76: fix beacon monitor for MBSSID nontransmitted BSS
1b26f5f63d42 wifi: mt76: mt7996: Decrement sta counter removing the link in mt7996_mac_reset_sta_iter()
0c1dedac48c3 wifi: mt76: mt7996: Switch deflink to seclink only if link lookup does not fail
7fa21be01b97 wifi: mt76: mt7996: Rely on msta_link link_id in mt7996_vif_link_remove()
492a407111c3 wifi: mt76: mt7996: Account active links in valid_links fields
ade83e44eda0 wifi: mt76: mt7996: Move mlink deallocation in mt7996_vif_link_remove()
efebeea5c058 wifi: mt76: mt7996: Destroy vif active links in mt7996_remove_interface()
a4c790aef40d wifi: mt76: mt7996: Add mcu APIs to enable/disable vif links.
018f60316d4d wifi: mt76: mt7996: Destroy active sta links in mt7996_mac_sta_remove()
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Modern gawk rejects C-style /* ... */ comments in AWK code, treating
them as regex patterns where '*' has nothing to quantify. Replace all
such comments with AWK-style '#' comments in lantiq_bdi_conf.awk and
lantiq_ram_init_uart.awk.
Also replace the pattern 'if (x) /* comment */ else action' which used
a C comment as a null statement with the equivalent 'if (!x) action'.
Fixes build error:
awk: error: ? * + or {interval} not preceded by valid subpattern
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Link: https://github.com/openwrt/openwrt/pull/22458
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The VF2 boards store their ubootenv on /dev/mtd1 which is a SPI flash
partition. Add support for reading this partition in uboot-envtools,
and add the package into the VF2 image.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Add uboot-envtools support for JDCloud RE-CS-02 RE-CS-07 and RE-SS-01
Signed-off-by: Fire Chen <firedevel@icloud.com>
Link: https://github.com/openwrt/openwrt/pull/21787
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
NN6000v1 Specifications:
SoC: Qualcomm IPQ6000 1.2GHz
RAM: K4B4G1646E-BCMA 512MiB x2 = 1 GiB
Flash: FORESEE 256GB eMMC
ETH: QCA8075 (2x LAN, 1x WAN)
WLAN1: QCN5022 2.4GHz AX 2x2
WLAN2: QCN5052 5GHz AX 2x2
Power: DC 12V
Button: Reset, Wps
USB: 1x 3.0
NN6000v2 Specifications:
SoC: Qualcomm IPQ6000 1.2GHz
RAM: MT41K512M16VRN-107 IT:P 1GiB x2 = 2 GiB
Flash: FORESEE 256GB eMMC
ETH: QCA8075 (4x LAN, 1x WAN)
WLAN1: QCN5022 2.4GHz AX 2x2
WLAN2: QCN5052 5GHz AX 2x2
Power: DC 12V
Button: Reset, Wps
USB: 1x 3.0
Install via UART:
1. Download the initramfs image, rename it to
initramfs.itb, host it with the tftp server.
2. Interrupt U-Boot and run these commands:
tftpboot initramfs.itb
bootm
3. After openwrt boots up, use scp or luci web
to upload sysupgrade.bin to upgrade.
Install via Uboot WebUI:
- Only work when you flash a custom uboot with webui
- Push the reset button for 5 seconds, then use broswer to
access http://192.168.1.1/, then upload factory.bin.
Signed-off-by: Fire Chen <firedevel@icloud.com>
Link: https://github.com/openwrt/openwrt/pull/21787
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Add missing wpabuf_free calls to the hostapd_rrm_nr_set and
hostapd_rrm_beacon_req functions.
Signed-off-by: Vladimir Palevich <palevichva@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22538
Signed-off-by: Nick Hainke <vincent@systemli.org>
The hostapd configuration for SU-BEAMFORMEE was incorrectly using the
beamformer antenna count instead of the beamformee antenna count for the
[BF-ANTENNA-N] capability string.
Fix this by using config.beamformee_antennas instead.
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22511
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
"qca,gpio-mask" used to be read between ath9k_hw_init() and
ath9k_init_queues(). After 12913c3c56
it is read in ath9k_of_init(), but it gets overwritten by
ath9k_gpio_cap_init() during the call of ath9k_hw_init(), and causes
https://github.com/openwrt/openwrt/issues/22340
If keeping the most of 12913c3c56,
ath9k_gpio_cap_init() could be patched to keep the existing non-zero
gpio mask (coming from device tree).
Tested on Netgear WNDR4500 v3:
[ 22.558083] ath9k 0000:00:00.0: enabling device (0000 -> 0002)
[ 22.569548] ath: phy1: Use overridden gpio mask 0xf6ff
Signed-off-by: Edward Chow <equu@openmail.cc>
Link: https://github.com/openwrt/openwrt/pull/22376
Signed-off-by: Robert Marko <robimarko@gmail.com>
If the user removes all /lib/apk/packages/*.conffiles* files to prevent
sysupgrade from preserving configuration, the glob no longer matches and
sysupgrade ends up calling cat on a non-existent path:
cat: can't open '/lib/apk/packages/*.conffiles_static': No such file or directory
Fix this by using find cmd.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Link: https://github.com/openwrt/openwrt/pull/22071
Signed-off-by: Robert Marko <robimarko@gmail.com>
No longer used. If swapping is desired, ralink,mtd-eeprom can be used.
Otherwise nvmem.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22207
Signed-off-by: Robert Marko <robimarko@gmail.com>
parent_tsf in struct rrm_measurement_beacon_report is le32 (32-bit),
but was being added with blobmsg_add_u16, truncating the value.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The beacon measurement token was not included in the ubus beacon-report
notification, causing consumers that need the token (e.g. for constructing
Beacon Metrics Response TLVs) to receive null.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Use blobmsg_add_u32 for non-bool fields in order to avoid wrong
interpretations of the data on JSON/ucode conversion.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The Reporting Detail value is a 1-byte field, but was written as le16,
producing a 2-byte write that also contradicts the length field of 1
in the subelement header.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The reporting detail subelement (up to 3 bytes) was not accounted for
in the wpabuf allocation, causing a crash when reporting_detail is set
to a valid value (0, 1, or 2).
Signed-off-by: Felix Fietkau <nbd@nbd.name>
After 02e2065203, it can happen that both,
[VHT160-80PLUS80] and [VHT160] are added to the vht_capab option in
an AP's hostapd.conf, which would cause a failure to start the AP.
Fix the logic in order to prevent such misconfiguration.
Fixes: #22481
Signed-off-by: Shine <4c.fce2@proton.me>
Link: https://github.com/openwrt/openwrt/pull/22482
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support for Nokia Valyrian device that implement similar spec of an
Airoha AN7581 RFB board.
Link: https://github.com/openwrt/openwrt/pull/21761
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Use linux-firmware repository for IPQ5018, IPQ8074 and QCN9074.
All officially released firmware versions are available there.
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21833
Signed-off-by: Robert Marko <robimarko@gmail.com>
mt76 tracks the PSM state of a sta internally with a wcid flag. TX to
such clients is skipped based on the presence of this flag.
This flag was not added to the PS state notify handler for MT7915 chips.
Without this flag, mt76 queues pending frames to the hardware,
accounting for airtime when a PSM notification is received while in a TX
iteration.
Set the PS flag for the STA WCID to prevent this from happening. TX gets
skipped in presence of this flag.
Link: https://patchwork.kernel.org/project/linux-wireless/patch/20260313112502.2026974-1-mail@david-bauer.net/
Signed-off-by: David Bauer <mail@david-bauer.net>
Add a help text for the new --force-reinstall option, so that users
will actually find the new option.
(Also refresh patches)
Improves: 91cff1a "apk: add --force-reinstall option"
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/22426
Signed-off-by: Robert Marko <robimarko@gmail.com>
Remove unmatched endif.
fixes: 2948dbebbf ("mac80211: use OpenWrt mirror for b43 fw downloads")
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22430
Signed-off-by: Robert Marko <robimarko@gmail.com>
% git shortlog v1.0.20250521..v1.0.20260223
Doug Freed (1):
wg-quick@.service: add deps on wg-quick.target
Jason A. Donenfeld (8):
wg-quick: linux: use smallest mtu, not largest
syncconf: account for psks removed from config file
wg-quick: linux: deal with resolvconf migration more gracefully
wg-quick: use addconf instead of setconf
wg-quick: linux: do not unnecessarily set sysctl
config: preserve const correctness
syncconf: account for persistent keepalive removed from config file
version: bump
Robyn Kosching (1):
wg-quick: pass on # comments to {Pre,Post}{Up,Down}
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/22190
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Release Notes:
https://github.com/madler/zlib/blob/v1.3.2/ChangeLog
We also switch package tarball source to GitHub repository releases
to avoid package hash mismatch after the zstd upgrade.
The 005-* patch was suppressed by the upstream commit 15ba5055a935
("CMake: Adapt pkgconfig-file to the GnuInstallDirs layout.")
This patch also adjust the zlib.pc file path as it was changed in
the latest release.
The mipsel_24kc 'zlib' package size will increase by about 1 kB.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/21228
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
There is no point in printing the missing M3 memory dump adress message
on each boot under the warning level, as not all boards need it at all.
So, degrate it to a debug print with QMI mask.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Originally, the .compatible string for EAP623-Outdoor HD tried to
shorten the "-outdoor" to "od". However, this naming was inconsistent
with the existing "eap610-outdoor". As "od" is not a common shorthand,
spell out the complete word: "eap623-outdoor-hd-v1".
Fixes: 5dbf93c8c5 ("ipq60xx: add support for TP-Link EAP623-Outdoor HD v1")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18804
Signed-off-by: Robert Marko <robimarko@gmail.com>
* e3f6a41 main: exit 1 when showing the usage
* b17c31f main: exit 1 on getopt() errors
* e086664 lexer: fix a minor memleak in jp_get_token()/match_token()
* e5a07f4 main: defer processing until options are processed
* afe72ad main: usage spell fixes
Signed-off-by: Paul Spooren <mail@aparcar.org>
58eb263 instance: don't print error in case cgroups are disabled
9baf019 instance: use positive error numbers for strerror()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This adds kernel packages for the Microchip KSZ9477 switch family.
The core package has a target specific dependency as the ksz9477
driver enables DCB which grows the kernel size and can negatively
impact other targets.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Link: https://github.com/openwrt/openwrt/pull/22257
Signed-off-by: Robert Marko <robimarko@gmail.com>
Makes it clear that the allocation is dealing with a flex array member.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21960
Signed-off-by: Robert Marko <robimarko@gmail.com>
This is nearly identical to what landed in ath-next for v7.1, aside from
resolving a couple conflicts. A separate patch has been added to replace
CONFIG_THERMAL with CPTCFG_ATH12K_THERMAL so the setting may be enabled
via menuconfig (as is done with ath10k and ath11k).
Note that at this stage, throttling has not been implemented upstream,
hence the slight change in wording versus existing options.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.6-01243-QCAHKSWPL_SILICONZ-1
Link: https://patch.msgid.link/20260223132622.43464-1-maharaja.kennadyrajan@oss.qualcomm.com
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/22280
Signed-off-by: Robert Marko <robimarko@gmail.com>
22fb70661799 fix flex array not at end of struct
6a5c4716ca25 convert memcpy + ETH_GSTRING_LEN to ethtool_puts
Signed-off-by: Robert Marko <robimarko@gmail.com>
a52cdb354d13 dns: validate IPv4 record addresses
b798c24205b5 dns: validate IPv6 record addresses
a3dcb4adc635 dns: validate reverse dns query name lengths
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This commit adds support for Gemtek (Centurylink/Lumen/Quantum Fiber)
W1700K.
Device specification
--------------------
SoC Type: Airoha AN7581
RAM: ESMT M16U8G16512A (2GB)
Flash: Winbond 25N04KVZEIR (512MB)
Ethernet: 2x gigabit via AN7581, 2x 10g via RTL8261N
Wi-Fi: MT7996 - BE19000
LEDs: 1 LED, power/status
Button: Reset
USB ports: None
Bootloader: U-Boot 2014.04-rc1 (Jun 12 2024 - 08:14:34) AXON 2.0
Fan: 1x controlled by Nuvoton NCT7511Y
This device is pretty useless with the stock firmware as it requires an
account to completely set it up. Additionally, the vendor bootloader is
signed and uses Airoha/Mediatek's BBT/BMT for bad block management on
the flash. It does not support UBI, thus kernel updates are subject to
BMT/BBT which OpenWrt does not support. In turn, if a kernel update
happens and a block is marked bad in the process, the device will fail
to boot and will need to be recovered via serial.
The workaround is to chainload U-Boot in place of the kernel, as it
should not need frequent updates and thus should not cause BBT/BMT to
misbehave and soft-brick the device. Upstream U-Boot supports loading
a FIT image from UBI, so we create a UBI partition for the new u-boot
env, FIT image and factory data. This way, bad blocks are managed by UBI
instead, which will not soft-brick the device should a block be marked
bad during a normal OpenWrt update. Users wishing to update U-Boot can
do so, but should be prepared to recover if a block goes bad.
Because the device is not useful with stock firmware, this is a one-way
ticket for most users and reverting will not be documented.
The following steps can be used to install OpenWrt on the W1700K.
Connect to serial console. There is a Torx T10 screw underneath the QR
code printed onto the label. Then, pry between the gray and white
plastic, starting by the ports on the back. There are clips arount the
entire device. Starting closest to the screw next to the UART header,
TX - GND - VCC - N/A - RX. The bootloader can be interrupted by
pressing any key.
Configuring Vendor Bootloader and Installing U-Boot Chainloader:
The bootloader's default bootcmd will only run a signed image. However,
we can still bootm our own image from flash.
NOTE: The vendor's ethernet drivers are flaky. You may have to reboot
and try the tftpboot part several times for it to work.
- setenv one flash read 0x600000 0x1000000 \$loadaddr
- setenv two "; bootm"
- setenv bootcmd "$one$two"
- setenv one
- setenv two
- saveenv
- setenv serverip 192.168.1.10; setenv ipaddr 192.168.1.1; tftpboot
0x89000000 openwrt-airoha-an7581-gemtek_w1700k-ubi-chainload-uboot.itb
- flash erase 0x600000 0x100000
- flash write 0x600000 0x100000 0x89000000
- reset
The device will now reboot into the U-Boot chainloader.
Loading the W1700K UBI Installer:
The installer can be downloaded at
https://github.com/hurrian/w1700k-ubi-installer/releases
- Boot the installer via the TFTP option in the U-Boot menu. This
process is automatic, though you may be prompted to answer some
questions.
- Once it is done, you may upgrade to your preferred build.
- For more information: https://github.com/hurrian/w1700k-ubi-installer
For those wishing to explore the stock firmware:
Rooting Stock FW (for making backups, recommended):
- Boot the router and watch serial console until presented with failsafe
mode. Enter it (f + enter).
- mount_root
- Change the root password (passwd).
- Open /etc/config/axon_platform_manager and set sshServerEnable,
localAccessEnable and remoteAccessEnable to 1.
- Search for "SSH". You'll find a long string with 3 matches such as
Enabled%25252c1%25252cSSH%Drop. Change any instances of "Disabled"
preceding SSH to "Enabled" and any instances of "Drop" to "Accept"
that follow SSH. Same for "Local SSH" and "Remote SSH".
- Set /etc/config/dropbear to:
config dropbear
option PasswordAuth 'on'
option RootPasswordAuth 'on'
option Port '22'
- Reboot.
- Connect 10g WAN port to existing network and SSH in with the password
you set.
- SSH into rooted stock fw.
Signed-off-by: Andrew LaMarche <andrewjlamarche@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17869
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
When the virtual package "uci-firewall" is installed, the choice
between "firewall" and "firewall4" is arbitrary, sometimes resulting
in one, sometimes the other.
Set the default variant on "firewall4" to make it the preferred
package when installed as a dependency.
Link: https://forum.openwrt.org/t/owut-openwrt-upgrade-tool/200035/1126
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22328
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of directing users to the useless 'man 8 apk', we direct
them to the wiki help page.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22271
Signed-off-by: Robert Marko <robimarko@gmail.com>
Allow reinstalling already-installed packages without a version change.
Only the named packages are reinstalled, not their dependencies.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hardware
========
SoC: Qualcomm IPQ4018
ETH: Qualcomm QCA8075 (2 x RJ-45)
WDG: OnSemi SCT706
RAM: Micron MT41K128M16JT-125 (256MB)
NOR: Infineon S25FL512S (64MB)
Installation
============
1. Create a ramboot-able image with the command
{ dd if=/dev/zero bs=32 count=1 2>/dev/null; \
cat openwrt-ipq40xx-generic-huawei_ap4050dn-initramfs-uImage.itb; \
} > ramboot.bin`
2. Start a TFTP server in the folder with the ramboot.bin.
3. Plug in a USB-RJ45 serial adapter to the CONSOLE port of the device
and start a serial console session with
9600 baud, no parity, 1 stop bit.
4. Plug in either 12V power or PoE to the device.
5. On the prompt `Press f or F to stop Auto-Boot in 3 seconds`,
press `f` to enter the Huawei U-Boot command line
6. Enter a new password for the u-boot command line
7. In the command line, run these commands to ramboot OpenWrt:
setenv serverip <IPv4 address of TFTP server>
setenv ipaddr <IPv4 address for this AP>
setenv rambootfile ramboot.bin
run ramboot
8. In OpenWrt, set up the network and then `scp` the files
`u-boot-huawei_ap4050dn/uImage` and
`openwrt-ipq40xx-generic-huawei_ap4050dn-squashfs-sysupgrade.bin`
into `/tmp/`
9. To backup the original firmware, run the following:
cat /dev/mtd12 /dev/mtd13 > huawei_ap4050dn_fw_backup.bin.bin
10. Run the following commands to flash u-boot and OpenWrt to the device:
mtd erase uboot
mtd write /tmp/uImage uboot
sysupgrade -n /tmp/openwrt-ipq40xx-generic-huawei_ap4050dn-squashfs-sysupgrade.bin
11. The device should now boot OpenWrt! (sometimes the boot process takes a bit
longer due to the watchdog resetting the device before the watchdog driver runs)
Signed-off-by: Marco von Rosenberg <marcovr@selfnet.de>
Add support for the Huawei AP4050DN. Due to vendor bootloader size
limitations, we require a second-stage U-Boot.
Signed-off-by: Marco von Rosenberg <marcovr@selfnet.de>
memcpy() with overlapping src and dest buffers is an undefined behavior
in C. In the current code, a ConfRej response is generated by copying
input data in-place, where the dest address is lower than the src.
This happens to work in practice because memcpy() forward-copies data,
matching the behavior of memmove() in this case.
However, if FORTIFY_SOURCE or Address Sanitizer is enabled, memcpy()
will detect the overlap at run time and abort the program.
Replace the memcpy() with memmove() to ensure a well-defined behavior.
Reported-by: Filippo Carletti <filippo.carletti@gmail.com>
MRU patch https://github.com/ppp-project/ppp/pull/573
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22286
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Embed gpio_led struct in ath_led. Simpler Allocation.
Use a flex array for the name. Allows using a single allocation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21933
Signed-off-by: Robert Marko <robimarko@gmail.com>
ath79 at this point supports no ath5k devices.
The only targets with ath5k usage are bcm47xx, ixp4xx, and lantiq.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19848
Signed-off-by: Robert Marko <robimarko@gmail.com>
The single user of the downstream gpio-cascade driver has been switched
to use the upstream gpio-line-mux driver. Thus, we can drop the former
now.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22206
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add the GPIO line mux driver as a kernel module for selected usage by
devices.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22206
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support for Richtek RTQ6056 Current and Power Monitor ADC.
RTQ6056 is a high accuracy current-sense monitor with I2C and SMBus
compatible interface, and the device provides full information for
system by reading out the load current and power.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add a label to the spi node to allow device trees to reference it
(i.e. to mark status = "okay").
Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
Link: https://github.com/openwrt/openwrt/pull/22151
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Due to issues surrounding the implementation of the vendor BMT/BBT
on Airoha, upstream ATF + uboot has switched to UBI flash partitions.
However, some devices shipped on this platform are bootloader locked,
and thus it is impossible to replace ATF + uboot.
During testing for the Gemtek W1700K (#17869), sysupgrades from Linux
(which is unaware of the underlying BMT/BBT) would occasionally write
data into blocks which were remapped by the vendor uboot when it was
read on the following reboot, causing a soft brick.
An acceptable workaround [1],[2] was discussed where an intermediate
uboot would be written by the vendor uboot (which is aware of Airoha
BMT/BBT). This chainloader would then ignore the regions of flash
used by the vendor uboot, and store all relevant data inside of UBI.
UBI would then be used to handle bad block management. As the vendor
ATF + uboot do not read or interact with the UBI region, we would avoid
unwanted remaps from BMT/BBT.
This commit introduces support for building such a chainloader, by
packaging u-boot and DTS into a FIT image; to be flashed like a kernel.
Configuration for the Gemtek W1700K is provided as an example of how the
chainloader is used.
[1] https://github.com/openwrt/openwrt/pull/17869#discussion_r2836066746
[2] https://github.com/openwrt/openwrt/pull/17869#discussion_r2838395671
Signed-off-by: Kenneth Kasilag <kenneth@kasilag.me>
[ move FIP_COMPRESS to Build/Compile, wrap some long lines ]
Link: https://github.com/openwrt/openwrt/pull/22151
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
It is more accurate to describe the contents of the FIP as
compressed, instead of the FIP itself becoming compressed.
Update variable naming accordingly.
Signed-off-by: Kenneth Kasilag <kenneth@kasilag.me>
Link: https://github.com/openwrt/openwrt/pull/22151
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
OpenWrt issue:
https://github.com/openwrt/openwrt/issues/16183
Problem summary:
On qualcommax (ipq60xx/ipq807x) with ath11k, monitor-mode captures contain
frames that are consistently longer than expected by 8 bytes.
The symptom is visible in pcap/radiotap captures, and Wireshark parsing
becomes correct after manually cutting these 8 bytes from captured frames.
This patch:
- Remove merge-stage FCS/tail manipulations in ath11k_dp_rx_mon_merg_msdus().
- add length fix in ath11k_dp_rx_mon_deliver(), trim 8 bytes right
before radiotap update and delivery to mac80211.
This targets monitor capture length correctness only and keeps the fix scoped
to the monitor RX delivery path.
Tested-on: ipq8072 yuncore,ax880; ipq6018 yuncore,ax840; yuncore,fap650
Signed-off-by: Ruslan Isaev <legale.legale@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22244
Signed-off-by: Robert Marko <robimarko@gmail.com>
Port drivers for the hardware true random number generator found in
MediaTek SoCs and enable them for all boards.
This has the side-effect of U-Boot now providing '/chosen/kaslr-seed'
to Linux which is required to enabled KASLR.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add support for Airoha EN7581/AN7583 NPU variant firmware present in
linux-firmware. The Airoha EN7581 NPU variant is to support devices
equipped with the MT7996 WiFi chip.
While at it also add an extra new line to follow pattern of double new line to
separate each firmware package.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The fs_wait_for_key function runs multiple background processes that all
try to delete the same temporary file ($keypress_wait) when they exit.
This creates a race condition where one process successfully deletes the
file while others fail with ENOENT.
Busybox rm only suppresses "file not found" errors during the initial lstat()
check, not during the actual unlink() call. This causes error messages in the
boot log even with rm -f:
rm: can't remove '/tmp/tmp.hKjPDH': No such file or directory
Fixed by redirecting stderr to /dev/null for rm calls in concurrent contexts.
This change does not affect functionality and only avoids confusing log
output during boot.
Signed-off-by: Oliver Sedlbauer <os@dev.tdt.de>
Link: https://github.com/openwrt/openwrt/pull/22079
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Several OpenWrt-related fixes are included in this release.
Drop upstreamed patches and refresh the rest.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
Link: https://github.com/openwrt/openwrt/pull/22240
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Introduce the devpath option to find the control channel device from a
hardware path for a USB or a WWAN device.
This option is useful when there are multiple modems connected to the
system. The name of the control channel device of a modem can change
depending on which modem initialises first or if it was recently plugged
in. The devpath option allows specifying the hardware path of the modem
where the control channel device will be found using that.
For the USB device hardware path, it is allowed to specify the USB port
number the modem is directly connected to.
If the device and devpath options are both set, devpath takes precedence
over device.
The USB device hardware path of a control channel device can be found by:
readlink -f /sys/class/usbmisc/cdc-wdmX/device
The WWAN device hardware path of a control channel device can be found by:
readlink -f /sys/class/wwan/wwanXqmiX/device
An example uci configuration would be:
config interface 'wwan_usb1'
option proto 'qmi'
option auth 'none'
option devpath '/sys/devices/platform/1e1c0000.xhci/usb1/1-1'
option apn 'internet'
option pdptype 'ipv4v6'
Or:
config interface 'wwan_pcie1'
option proto 'qmi'
option auth 'none'
option devpath '/sys/devices/platform/soc/11280000.pcie/pci0003:00/0003:00:00.0/0003:01:00.0'
option apn 'internet'
option pdptype 'ipv4v6'
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Introduce the devpath option to find the control channel device from a
hardware path for a USB or a WWAN device.
This option is useful when there are multiple modems connected to the
system. The name of the control channel device of a modem can change
depending on which modem initialises first or if it was recently plugged
in. The devpath option allows specifying the hardware path of the modem
where the control channel device will be found using that.
For the USB device hardware path, it is allowed to specify the USB port
number the modem is directly connected to.
If the device and devpath options are both set, devpath takes precedence
over device.
The USB device hardware path of a control channel device can be found by:
readlink -f /sys/class/usbmisc/cdc-wdmX/device
The WWAN device hardware path of a control channel device can be found by:
readlink -f /sys/class/wwan/wwanXmbimX/device
An example uci configuration would be:
config interface 'wwan_usb1'
option proto 'mbim'
option auth 'none'
option devpath '/sys/devices/platform/1e1c0000.xhci/usb1/1-1'
option apn 'internet'
option pdptype 'ipv4v6'
Or:
config interface 'wwan_pcie1'
option proto 'mbim'
option auth 'none'
option devpath '/sys/devices/platform/soc/11280000.pcie/pci0003:00/0003:00:00.0/0003:01:00.0'
option apn 'internet'
option pdptype 'ipv4v6'
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
The &pointer + 1 trick is a C89 trick to point to area allocated after
the size of the struct. We have struct_size and flex arrays now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22170
Signed-off-by: Robert Marko <robimarko@gmail.com>
This reverts commit c053b22573.
KSZ DSA driver is the only thing in the kernel selecting DCB support
instead of depending on it if required.
So, it will enable DCB support without asking and we do not want the
kernel size increase, as well as current Layerscape ARMv8 build failure.
So, revert this until its fixed upstream or worked around.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This access point is a ‘friend’ of the T56 supplied by Odido but with DDR3 RAM and with two Ethernet 2.5 (GPY211)
The flash procedure is similar to other Zyxel T56/EX5600/EX5601
If you need backup please use the T56 guide
Please refer to https://openwrt.org/inbox/toh/zyxel/wx5600-t0 for detailed flash informations
Specifications:
SOC: MT7986b
RAM: 512MB
Flash: 512 MB SPI NAND
Ports: 2 LAN 2.5Gbps (GPY211C)
WIFI: MT7976GN + MT7976AN
LED: 3 bicolor LED - 1 monocolor LED
Buttons: Reset and WPS
We can install all with U-boot and mtk_uartboot.
Load Uboot:
```
./mtk_uartboot -a -p ./mt7986-ram-ddr3-bl2.bin -s /dev/ttyUSB0 -f openwrt-mediatek-filogic-zyxel_wx5600-t0-ubootmod-bl31-uboot.fip
```
**WARNING: Please use a GBIT ethernet or force it on system**
**WARNING: Please use only LAN2 port in Uboot**
Press 0 on Bootmenu
```
mtd erase ubi
run ubi_format
bootmenu
```
Load and write BL2 and U-boot:
```
8
7
```
Load and write recovery and production
```
6
5
```
Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Co-authored-by: Hal Martin <halmartin@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18364
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This access point is a ‘friend’ of the T56 supplied by Odido but with DDR3 RAM and with two Ethernet 2.5 (GPY211)
The flash procedure is similar to other Zyxel T56/EX5600/EX5601
If you need backup please use the T56 guide
Please refer to https://openwrt.org/inbox/toh/zyxel/wx5600-t0 for detailed flash informations
We can install all with U-boot and mtk_uartboot.
Load Uboot:
```
./mtk_uartboot -a -p ./mt7986-ram-ddr3-bl2.bin -s /dev/ttyUSB0 -f openwrt-mediatek-filogic-zyxel_wx5600-t0-ubootmod-bl31-uboot.fip
```
**WARNING: Please use a GBIT ethernet or force it on system**
**WARNING: Please use only LAN2 port in Uboot**
Press 0 on Bootmenu
```
mtd erase ubi
run ubi_format
bootmenu
```
Load and write BL2 and U-boot:
```
8
7
```
Load and write recovery and production
```
6
5
```
Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Link: https://github.com/openwrt/openwrt/pull/18364
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add menuconfig options to include modules for (virtio) vsockets. These are
used when running as Guest OS in a VM.
OpenWRT can be run in a vm (mostly commonly on the x86/64 and armsr
targets). Often it is convenient to have some sort of guest agent running,
to ease communication from host to guest.
Virtual Sockets provide this communication channel.
Virtio is a transport for this communication channel.
Virtual Sockets over virtio are for example used by Incus.
Virtual Sockets in general are used by most hypervisors, including VMware,
Hyper-V, and libvirt (qemu). These may need other transport-specific
modules not included in this commit.
Signed-off-by: Mathijs Rietbergen <mathijs.rietbergen@proton.me>
There are a number of pse chips already present in upstream Linux.
OpenWrt is starting to support a number of devices can contain various pse
chips. But having all the pse chip combinations defined at the target
level will result in bloat on images.
Present the current upstream Linux pse drivers as packages so that they
can be selectively included per board (rather than per target).
Signed-off-by: Bevan Weiss <bevan.weiss@gmail.com>
[Make it depend on REGULATOR_SUPPORT, and !SMALL_FLASH]
Link: https://github.com/openwrt/openwrt/pull/22172
Signed-off-by: Robert Marko <robimarko@gmail.com>
Bump uboot-stm32 to upstream release 2026.01.
Two upstream patches were backported to resolve silent crash on
STM32MP135F-DK board.
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Link: https://github.com/openwrt/openwrt/pull/21965
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The key variable is not defined in the scope when setting wpa_psk. Use
config.key instead.
This fixes configuration the 64 characters wpa_psk directly.
Reported-by: donjoe in OpenWrt Forum
Link: https://github.com/openwrt/openwrt/pull/22182
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
75bedc5 wireless-regdb: Update regulatory info for Australia (AU) for 2025
a6e5195 wireless-regdb: Update broken link in regulatory.bin(5) manpage
9e8c67f wireless-regdb: Update regulatory info for Malaysia (MY) for 2024
61a4637 wireless-regdb: Update regulatory info for Malaysia (MY) for 2025
5cefe55 wireless-regdb: Update regulatory info for Tunisia (TN) on 6GHz for 2025
1a729ae wireless-regdb: Update regulatory info for Canada (CA) for 2025
ea20dfa wireless-regdb: update regulatory database based on preceding changes
Link: https://github.com/openwrt/openwrt/pull/22150
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Due to a missing include, the constant UINT_MAX is undefined. This
fixes issues when building v25.12.0-rc5. Including a newer version of
iproute2 would include the patch, but causes other building issues.
Signed-off-by: Jonas Lochmann <openwrt@jonaslochmann.de>
Link: https://github.com/openwrt/openwrt/pull/22128
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds kernel packages for the Microchip KSZ9477 switch family.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Link: https://github.com/openwrt/openwrt/pull/22120
Signed-off-by: Robert Marko <robimarko@gmail.com>
sc->gpiochip is assigned to gc when it should be the other way around.
This allows gpiod_free to work properly.
Fixes: e78dc2eae4 ("mac80211: ath9k: clean up gpiochi")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22158
Signed-off-by: Robert Marko <robimarko@gmail.com>
It looks like commit 6d2f3b1b19 ("package: kernel: dtc: Add DTO support")
added this patch file 9 years ago without it ever being applied anywhere.
Back then there wasn't even a 'dtc' package, but we just used 'dtc' from
the Linux kernel sources.
Nowadays there is package/utils/dtc which is used to build dtc to be used
on the target (*not* a host-build!), and it of course already contains
support for device tree overlays since v1.4.3 from 2017...
This reverts commit 6d2f3b1b19.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Link: https://github.com/openwrt/openwrt/pull/22118
Signed-off-by: Robert Marko <robimarko@gmail.com>
Use substr() instead of array index syntax to access the first
character of the endpoint host string, as ucode does not support
array-style indexing on strings.
Fixes: https://github.com/openwrt/openwrt/issues/22116
Fixes: 8f977b4a40 ("wireguard-tools: fix handling of multi-value config options")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
180ffcc instance: use mkdir_p helper
9493a3d signal: handle SIGUSR1 as halt
4dd22d0 cgroups: fix syntax error
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Config options like addresses and ip6prefix can be passed as either a
space-separated string or an array. Add a to_array() helper and use it
consistently for all multi-value options (addresses, ip6prefix,
allowed_ips).
Fixes: https://github.com/openwrt/openwrt/issues/22102
Fixes: 41bc454602 ("wireguard-tools: rewrite proto handler in ucode")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Without initializing pwd_group, it's set to 0, which is reserved value.
When EAP-PWD is used in wpa_supplicant/eapol_test, next error is seen:
EAP-PWD: Server EAP-pwd-ID proposal: group=0 random=1 prf=1 prep=0
EAP-pwd: Unsupported or disabled proposal
Signed-off-by: Yaroslav Isakov <yaroslav.isakov@gmail.com>
Secondary BSSes inherit the alloc value which bypasses
NL80211_ATTR_VIF_RADIO_MASK in nl80211_create_iface() and causes the
kernel to default new interfaces to all radios.
The ucode bss_create fallback fails to correct this because
the interface is already UP.. the kernel rejects SET_INTERFACE with
-EBUSY.
Signed-off-by: Chad Monroe <chad@monroe.io>
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add the OpenWrt CPPFLAGS to the CFLAGS. ebtables does not
support CPPFLAGS. This fixes fortify sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add the OpenWrt CPPFLAGS to the CFLAGS. arptables does not
support CPPFLAGS. This fixes fortify sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add the OpenWrt CPPFLAGS to the FLAGS. iwinfo does not support CPPFLAGS.
This fixes fortify sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add the OpenWrt CPPFLAGS to the CFLAGS. zyxel-bootconfig does not
support CPPFLAGS. This fixes fortify sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add the OpenWrt CPPFLAGS to the CFLAGS. wireless-tools does not
support CPPFLAGS. This fixes fortify sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Allow to extend the CPPFLAGS and not only overwrite.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add the OpenWrt CPPFLAGS to the CFLAGS. bzip2 does not support CPPFLAGS.
This fixes fortify sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes:
* update to v2026.01 (this brings up EN7523 SoC support)
* drop upstream patches
* refresh and adapt an7583 support patches (changes based on
https://github.com/Ansuel/openwrt/commits/main-airoha-6.12/)
* add ethernet switch mdio support from upstream U-Boot
Notable changes:
* make an7583 memory initialization similar to an7581 one
* add an7583 scu/chip_scu helpers to access scu/chip_scu regmaps.
* fix misprint in an7583 'system-controller@1fb00000' node name
* always use board dts for nand partitioning
Notes about en7523 support
--------------------------
This set of patches brings up more or less complete support of EN7523 SoC.
Unfortunately, building of en7523 bootloader will require en7523-bl2.bin
and en7523-bl31.bin blobs which is not available at the moment.
This is the only known blocker for adding en7523 bootloader support.
Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy@iopsys.eu>
Link: https://github.com/openwrt/openwrt/pull/21984
Signed-off-by: Robert Marko <robimarko@gmail.com>
CMCC MR3000D-CI is a 2.4/5 GHz band 11ax (Wi-Fi 6) router, based on
IPQ5000.
Device specification
--------------------
- SoC : Qualcomm IPQ5018
- RAM : 512 MiB DDR3L
- Flash : 128 MiB SPI-NAND (GigaDevice GD5F1GQ5REYIG)
- WLAN : 2.4/5 GHz 2T2R
- 2.4 GHz : Qualcomm IPQ5018 (SoC)
- 5 GHz : Qualcomm Atheros QCN6102
- Ethernet : 4x 10/100/1000 Mbps
- Switch : Qualcomm Atheros QCA8337
- LEDs/Keys (GPIO) : 2x LEDs, 2x Buttons
- UART : Through-hole on PCB
- Voltage : 3.3 V
- Assignment : Silkscreened on PCB
- Settings : 115200n8
- Power : 12 VDC, 1.5 A
Installation
-----------------
1. Telnet method
a. Enable telnet
Log in to http://192.168.10.1/ with the password on the sticker
Modify URL according to example (keep your unique hash after ";stok=")
and press Enter:
http://192.168.10.1/cgi-bin/luci/;stok=78becad1b1490e45be2776025cde2b7d/api/NPCnetwork/ping?url=$(telnetd)
You should get the following in the browser:
{"link":0}
b. Run tftp server on IP 192.168.10.254 and put factory image
'openwrt-qualcommax-ipq50xx-cmcc_mr3000d-ci-squashfs-factory.ubi'
in the tftp root dir.
c. Login to 192.168.10.1 with telnet (user: root, pass: from the
sticker).
d. Download factory image from the tftp:
tftp -l factory.ubi -r openwrt-qualcommax-ipq50xx-cmcc_mr3000d-ci-squashfs-factory.ubi -g 192.168.10.254
e. Flash factory image:
export rootfs=$(cat /proc/mtd | grep rootfs | grep -v _ | cut -d: -f1)
ubidetach -f -p /dev/${rootfs}
ubiformat /dev/${rootfs} -y -f /tmp/factory.ubi
f. Reboot:
reboot
2. U-Boot Method using UBI Image (using UART)
a. Place the factory.ubi file on your TFTP server, enter U-Boot CLI
and exec these commands:
tftpboot <your_tftp_server_ip>:factory.ubi
flash rootfs
reset
3. U-Boot Method using initramfs Image (using UART)
a. Place the openwrt-*-initramfs-fit-uImage.itb file on your TFTP
server and rename it to initramfs.bin
b. Enable serial console, enter to U-Boot CLI and exec these commands:
tftpboot <your_tftp_server_ip>:initramfs.bin
bootm
c. Once boot completed, upload the sysupgrade.bin file to router's
/tmp directory (using scp or wget) and execute the following command
in openwrt shell:
sysupgrade -n /tmp/sysupgrade.bin
MAC Addresses
-------------
+--------------+-------------------+-------------+
| Interface | MAC example | Location |
+--------------+-------------------+-------------+
| LAN | 84:7a:xx:xx:xx:dd | 0:ART, 0x6 |
| WAN (label) | 84:7a:xx:xx:xx:dc | 0:ART, 0x0 |
| WLAN 2.4 GHz | 84:7a:xx:xx:xx:de | 0:ART, 0xc |
| WLAN 5 | 84:7a:xx:xx:xx:df | 0:ART, 0x12 |
+--------------+-------------------+-------------+
Notes
-----
1. U-Boot is protected by a password (pass: netpower).
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21952
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add optional chaining when accessing device config in the wifi-iface
loop to handle cases where a referenced device doesn't exist.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit ebd2fefea5152d032cded1ccc7cf6e731b5bbcc2)
This should not be defaulted to anything in the schema.
What seemed like a minor cleanup actually broke this
as the schema defines a default value already. I did
not notice as I had this explictly set in my config.
Fixes: 70ba7512 ("wifi-scripts: ucode: allow sae_pwe to be modified for AP mode")
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/22043
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some Android devices have issues with H2E causing downgrades to PSK
when using WPA2/3. With WPA3 it doesn't work reliably whatsoever.
My Samsung A55/6 for example has the following behavior:
daemon.info hostapd: lan5g: STA <redacted> IEEE 802.11: authenticated
daemon.notice hostapd: SAE: <redacted> indicates support for SAE H2E, but did not use it
daemon.info hostapd: lan2g: STA <redacted> IEEE 802.11: authenticated
daemon.info hostapd: lan2g: STA <redacted> IEEE 802.11: associated (aid 1)
daemon.notice hostapd: lan5g: Prune association for <redacted>
daemon.notice hostapd: lan2g: AP-STA-CONNECTED <redacted> auth_alg=open
daemon.info hostapd: lan2g: STA <redacted> RADIUS: starting accounting session 8234C696AAC1AE7D
daemon.info hostapd: lan2g: STA <redacted> WPA: pairwise key handshake completed (RSN)
daemon.notice hostapd: lan2g: EAPOL-4WAY-HS-COMPLETED <redacted>
This is also brought up in the issue: https://github.com/openwrt/openwrt/issues/9963
Ultimately this allows users to have the option to at the very least
disable H2E.
Unrelated: a minor cleanup was done so that ieee80211w uses set_default instead.
There is no functional change on that front.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/22021
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
EN7528 shares the same clock/reset controller as EN7523. Enable
COMMON_CLK_EN7523 and RESET_CONTROLLER for ethernet hardware resets.
Update econet-eth driver and add it as default package.
Signed-off-by: Ahmed Naseef <naseefkm@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21326
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- uclient-fetch timeout bumped from 5s to 15s. If we do not do this
we get flagged by HE as the update request is expensive and takes
more than 5s to execute. Currently 5s timeout causes uclient-fetch
to be killed prematurely as can be seen by the following log:
10:34:57 user.notice 6in4-henet: update 1/3: timeout
10:35:07 user.notice 6in4-henet: update 2/3: timeout
10:35:17 user.notice 6in4-henet: update 3/3: timeout
10:35:22 user.notice 6in4-henet: update failed
The above is the worst case, what usually happens is:
10:53:59 user.notice 6in4-henet: update 1/3: timeout
10:54:06 user.notice 6in4-henet: update 2/3: abuse
10:54:06 user.notice 6in4-henet: updated
- We now use an exponential backoff starting from 5 seconds.
- Detect ca-bundle so we don't use --no-check-certificates
unnecessarily.
- The while loop was changed so we don't retry unnecessarily
after the final failure.
- Worst-case total time the update operation might take before
bailing out is:
(sum(15 + (5 × (2^(x − 1))), 1, 2) + 15) seconds = 1 min
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/22016
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
I botched the rebase of ipq-wifi, so fix it.
Fixes: 67e6baf05e ("qualcommax: ipq60xx: add Netgear RBx350 support")
Signed-off-by: Robert Marko <robimarko@gmail.com>
The Zyxel NWA110AX is a dual band 2x2:2 802.11ax wireless access point
with PoE.
The device is very similar to the NWA210AX except for being 2x2 instead
of 4x4 in the 5GHz band and not having the 2.5GbE ethernet port. This
commit factors out a common DTS and device definition and reuses it for
both devices.
Hardware:
* SoC: Qualcomm IPQ8070A
* RAM: 1GiB 1x Samsung K4A8G165WC-BCTD
* Flash: 8MiB Winbond W25Q64DW SPI-NOR, 256MiB Winbond W29N02GZ SPI-NAND
* WLAN 2.4GHz: QCN5024 2x2:2 802.11b/g/n/ax
* WLAN 5GHz: QCN5054 2x2:2 802.11n/ac/ax
* Ethernet: 1x 1GbE with AR8033 PHY
* Serial Config: 3.3V TTL 115200-8-N-1, externally accessible
* Serial Layout: GND TX RX 3.3V (don't connect, marked with triangle)
* LEDs: 1x red, 1x green, 1x blue, 1x white
* Buttons: 1x reset
MAC addresses:
* Uplink: base address on label
* 2.4GHz WLAN: base + 1
* 5GHZ WLAN: base + 2
Flashing Notes:
The device uses a dual-image setup and OpenWrt can only be installed as
image 0. When the currently running stock firmware is image 0, OpenWrt
will be installed as image 1, fail to boot and the device returns to stock
firmware. If this happens, install any version of stock firmware so that
it runs as image 1, before installing OpenWrt. Alternatively, if there
already is a valid stock firmware in image 1, the "debug dual-image show"
and "debug dual-image set boot-image image1" commands can be used in the
stock CLI via serial/SSH/telnet to switch to image 1.
Flashing with Stock Web Interface:
* Get the OpenWrt factory image and rename it to a shorter name, for
example "openwrt.bin" (the stock firmware has a character limit)
* In the web interface, go to "Maintenance" -> "File Manager" ->
"Firmware Package" (or click the link next to "Firmware Version" under
"Device Information" on the dashboard)
* Under "Upload File" browse to the renamed OpenWrt factory image and
click on "Upload"
Switch Boot Image:
* OpenWrt to stock: "zyxel-bootconfig-ipq807x set image1"
* Stock to OpenWrt: "debug dual-image set boot-image image0"
Unbrick / Revert to Stock with the Boot Module:
* Disconnect the device from power
* Configure your machine to 192.168.1.103/24 and start a TFTP server
* Put the stock firmware image into the TFTP server root and rename it to
"ZLD-current"
* Establish a serial connection to the device through the console port
* Connect the device to power
* When prompted, press a key to abort automatic boot and enter debug mode
* Use the "atnz" command to flash the firmware image
* Use the "atgo" command to boot from the newly flashed image
Signed-off-by: Michael Lotz <mmlr@mlotz.ch>
Link: https://github.com/openwrt/openwrt/pull/21849
Signed-off-by: Robert Marko <robimarko@gmail.com>
Netgear RBx350 are dual band 4 stream 802.11ax mesh devices from the Orbi
series. The RBR350 is a router with a WAN and 3 LAN ports. The RBS350 is a
satellite without WAN port, only 2 LAN ports and half the flash. The
hardware is otherwise identical. They were sold in kits as RBK352, RBK353,
RBK354 or RBK355, with one router and 1-4 satellites.
Hardware:
* SoC: Qualcomm IPQ6018
* RAM: 512MiB 1x Nanya NT5CC256M16ER-EK
* Flash: 512MiB Winbond W29N04GZ or 256MiB Winbond W29N02GZ
* WLAN 2.4GHz: QCN5022 2x2:2 b/g/n/ax
* WLAN 5GHz: QCN5052 2x2:2 a/n/ac/ax
* Ethernet: QCA8075 switch with 1 WAN and 3 LAN ports or 2 LAN ports
* Serial Config: 3.3V TTL 115200-8-N-1, internal populated header
* Serial Layout: 3.3V (don't connect, marked with dot) RX TX GND
* LEDs: green/red power, white/red/green/blue status
* Buttons: 1x Reset, 1x WPS
MAC addresses:
* LAN1: base address on label, stored in boarddata partition at 0x8
* LAN2: base + 1
* LAN3: base + 2
* WAN: base + 3
* 2.4GHz WLAN: base + 1
* 5GHz WLAN: base + 2
Flashing Notes:
The stock firmware images are signed. Both the bootloader and the stock
web interface check the signature and will fail to boot/flash.
The bootloader automatically does NMRP when a gigabit LAN connection is
present. The stock and factory images contain a U-Boot script that is
executed when flashing using NMRP. This is used to alter and persist the
U-Boot env with a boot command that works with unsigned firmware.
Install OpenWrt:
* Get the nmrpflash utility [0] and OpenWrt factory image
* Find network interface to use: nmrpflash -L
* Start nmrpflash: nmrpflash -i interface -f openwrt-...-factory.img
* Connect the device LAN port closest to the power jack to the same
network using gigabit
* Plug the device in and wait for the bootloader to flash
* Unplug and replug the device once the power LED blinks amber
Revert to Stock:
The boot command needs to be reverted before flashing the stock firmware,
otherwise it will fail to boot and get stuck in recovery mode (red power
LED flashing).
* Run: fw_setenv bootcmd bootipq
* Restart the device
* Flash the stock firmware RBx350-Va.b.c.d.img using nmrpflash
[0]: https://github.com/jclehner/nmrpflash
Signed-off-by: Michael Lotz <mmlr@mlotz.ch>
Link: https://github.com/openwrt/openwrt/pull/21656
Signed-off-by: Robert Marko <robimarko@gmail.com>
Netgear RBx750 are tri band, 2.4GHz and 2x 5GHz, 8 stream 802.11ax mesh
devices from the Orbi series. The RBR750 is a router with a WAN and 3 LAN
ports. The RBS750 is a satellite without WAN port, only 2 LAN ports and
half the flash. The hardware is otherwise identical. They were sold in
kits as RBK752-RBK757, with one router and 1-6 satellites.
Hardware:
* SoC: Qualcomm IPQ8074
* RAM: 1GiB 1x Samsung
* Flash: 512MiB Winbond W29N04GZ or 256MiB Winbond W29N02GZ
* WLAN 2.4GHz: QCN5024 2x2:2 b/g/n/ax
* WLAN 5GHz Low Band: QCN5054 2x2:2 a/n/ac/ax 5180-5320MHz
* WLAN 5GHz High Band: QCN5054 4x4:4 a/n/ac/ax 5500-5700MHz
* Ethernet: QCA8075 switch with 1 WAN and 3 LAN ports or 2 LAN ports
* Serial Config: 3.3V TTL 115200-8-N-1, internal populated header
* Serial Layout: Bottom <- RX, TX, GND, 3.3V (don't connect) -> Top
* LEDs: green/red power, white/red/green/blue status
* Buttons: 1x Reset, 1x WPS
MAC addresses:
LAN1: base address on label
LAN2: base + 1
LAN3: base + 2
WAN: base + 1
2.4GHz: base + 2
5GHz-Low: base + 3
5GHz-High: base + 4
Flashing Notes:
The stock firmware images are signed. Both the bootloader and the stock
web interface check the signature and will fail to boot/flash.
The bootloader automatically does NMRP when a gigabit LAN connection is
present. The stock and factory images contain a U-Boot script that is
executed when flashing using NMRP. This is used to alter and persist the
U-Boot env with a boot command that works with unsigned firmware.
Install OpenWrt:
* Get the nmrpflash utility [0] and OpenWrt factory image
* Find network interface to use: nmrpflash -L
* Start nmrpflash: nmrpflash -i interface -f openwrt-...-factory.img
* Connect the device LAN port closest to the power jack to the same
network using gigabit
* Plug the device in and wait for the bootloader to flash
* Unplug and replug the device once the power LED blinks amber
Revert to Stock:
The boot command needs to be reverted before flashing the stock firmware,
otherwise it will fail to boot and get stuck in recovery mode (red power
LED flashing).
* Run: fw_setenv bootcmd bootipq
* Restart the device
* Flash the stock firmware RBx750-Va.b.c.d.img using nmrpflash
[0]: https://github.com/jclehner/nmrpflash
Signed-off-by: Michael Lotz <mmlr@mlotz.ch>
Link: https://github.com/openwrt/openwrt/pull/21938
Signed-off-by: Robert Marko <robimarko@gmail.com>
The build would continue even if the some of the intermediate commands
failed, as long as the last command in the final iteration of the loop
was successful.
Add 'set -e' to the subshell so that we immediately exit. Previously,
only the exit status of the final make-index-json.py mattered.
Fixes: https://github.com/openwrt/openwrt/issues/21981
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21993
Signed-off-by: Robert Marko <robimarko@gmail.com>
Remove OR between GPL-2.0-or-later and LGPL-3.0-or-later to avoid
incorrect parsing of OR as a separate license in the SBOM.
Fixes: 9a157b5d83
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22003
Signed-off-by: Robert Marko <robimarko@gmail.com>
63413daa8760 uclient-http: fix HTTP authentication after deferred header processing
4fa6fae02f74 uclient-fetch: Extract opt_post variable
8df3120639a4 uclient-fetch: Use HEAD for --spider
0392dfc8e8c4 uclient-fetch: Support of --method, --body-data and --body-file
115c92824b6d uclient-fetch: add OPTIONS request type
a1531e89f6c2 uclient-fetch: support for WebDAV methods
Fixes: https://github.com/openwrt/uclient/issues/14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
d324c0503040 libubox: send warnings to stderr
5a65cb5a79b7 libubox: document positional arguments
8c7b489daa02 libubox: add anonymous strings, ints, et al in arrays
5ec7ff2effb3 uloop: use volatile sig_atomic_t for do_sigchld flag
0efa2cd3b74c usock: check SO_ERROR after poll in usock_inet_timeout()
1a73ded9f738 usock: fix timeout handling in usock_inet_timeout()
1aa36ee774c8 usock: implement RFC 8305 Happy Eyeballs for usock_inet_timeout()
Fixes: https://github.com/openwrt/uclient/issues/8
Signed-off-by: Felix Fietkau <nbd@nbd.name>
RIPE Atlas Probe v5 is a network measurement device based on Turris MOX.
u-boot bootscript supports booting both from the original Turris BTRFS
layout and default OpenWrt ext4 boot + root partition layout.
Specifications:
* SoC: Marvell ARMADA 3720
* RAM: 512 MiB, DDR3
* eMMC: 4G
* Ethernet: 1x 1GbE
MAC:
LAN MAC: label on board
Flash instructions:
* For using the default ext4 layout, boot into a live system using
tftpboot in u-boot and flash an OpenWrt SD image onto /dev/mmcblk0.
* For the Turris layout, put the new rootfs into subvolume '@', not
forgetting to add Image, device tree, and boot.scr to /boot.
Misc:
* USB connection is only for power. For UART access use the pin header:
1: GND
2: +1.8V
5: TX
6: RX
* Flashing the image onto Turris Shield won't work. Use Turris MOX image
instead.
Signed-off-by: Tomáš Macholda <tomas.macholda@nic.cz>
Link: https://github.com/openwrt/openwrt/pull/20031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This was a regression introduced in the recent alignment changes and led
to failures when reading (i.e. 'mkndx') certain packages like follows:
ERROR: python3-botocore-1.31.7-r1.apk: unexpected end of file
It affected packages with a header size greater than the read buffer
size of 128KB but less than 160KB (128KB + (128KB / 4)).
In those cases, we'd attempt a 0 byte read, leading to APKE_EOF.
Based on some tests of files across multiple archs and feeds, it seems
the only packages meeting those criteria were python3-botocore and
golang-github-jedisct1-dnscrypt-proxy2-dev.
Fixes: 64ec08eee1 ("apk: backport upstream fixes for unaligned access")
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21992
Signed-off-by: Robert Marko <robimarko@gmail.com>
ZTE MF833U1 is a LTE dongle that expose a cdc_ether interface for data link
and WebUI for management. It handles all the "modem" functionalities
internally and does not expose any serial interface. Instead it acts like a
"router in a stick".
It initially enumerates as a USB mass-storage device and does not bind any
network driver, so no netdev is created until a modeswitch is performed.
The test is done on Cudy TR3000 256MB v1.0 running OpenWrt 24.10.5 with an
unit targeting Chinese market:
- Hardware Version: MF883U1_V1.0.0
- Software Version: BD_MF883U1V1.0.0B06
- CMIT ID: 2019CP2106
There are report online that the device have different variants that have
different behavior across different firmware, HW revisions or SKUs.
Before the switch:
```
root@OpenWrt:~# lsusb -t
/: Bus 001.Port 001: Dev 001, Class=root_hub, Driver=xhci-mtk/1p, 480M
|__ Port 001: Dev 003, If 0, Class=[unknown], Driver=[none], 480M
root@OpenWrt:~# lsusb Bus 001 Device 001: ID 1d6b:0002 Linux 6.6.119
xhci-hcd xHCI Host Controller Bus 001 Device 004: ID 19d2:1705
DEMO,Incorporated DEMO Mobile Boardband Bus 002 Device 001: ID 1d6b:0003
Linux 6.6.119 xhci-hcd xHCI Host Controller ```
After the switch:
```
root@OpenWrt:~# lsusb -t
/: Bus 001.Port 001: Dev 001, Class=root_hub, Driver=xhci-mtk/1p, 480M
|__ Port 001: Dev 003, If 0, Class=[unknown], Driver=cdc_ether, 480M
|__ Port 001: Dev 003, If 1, Class=[unknown], Driver=cdc_ether, 480M
|__ Port 001: Dev 003, If 2, Class=[unknown], Driver=[none], 480M
/: Bus 002.Port 001: Dev 001, Class=root_hub, Driver=xhci-mtk/1p, 20000M/x2
root@OpenWrt:~# lsusb Bus 001 Device 001: ID 1d6b:0002 Linux 6.6.119
xhci-hcd xHCI Host Controller Bus 001 Device 003: ID 19d2:1706
DEMO,Incorporated DEMO Mobile Boardband Bus 002 Device 001: ID 1d6b:0003
Linux 6.6.119 xhci-hcd xHCI Host Controller ```
The following kernel debug log is presented:
``` cdc_ether 1-1:1.0 eth2: register 'cdc_ether' at usb-11200000.usb-1, ZTE
CDC Ethernet Device, 34:4b:50:00:00:00 ```
Signed-off-by: Zihao Diao <hi@ericdiao.com>
Link: https://github.com/openwrt/openwrt/pull/21867
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Increase PKG_RELEASE so buildbots pick up and rebuild the updated
package files.
Fixes: c752525511 ("xdp-tools: add patch to fix stddef.h build issue")
Link: https://github.com/openwrt/openwrt/pull/21988
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add a patch that avoids including <stddef.h> in BPF headers, fixing
build failures on OpenWrt toolchains where the header is unavailable:
In file included from xdpfilt_dny_udp.c:10:
In file included from ./xdpfilt_prog.h:24:
../lib/../headers/xdp/parsing_helpers.h:18:10: fatal error: 'stddef.h' file not found
18 | #include <stddef.h>
| ^~~~~~~~~~
1 error generated.
make[5]: *** [../lib/common.mk:111: xdpfilt_dny_udp.o] Error 1
make[4]: *** [Makefile:40: xdp-filter] Error 2
Link: https://github.com/openwrt/openwrt/pull/21972
Signed-off-by: Nick Hainke <vincent@systemli.org>
These devices share the same "compatible" in device tree causing some
incompatibilities (sysupgrades, ASU profile identification), assign a
unique "compatible" and "model" to each variant.
Context:
Commit [1] added each variant's dts compatible to the SUPPORTED_DEVICES
field of the other variant to make easy sysupgrades between these
physically indistinguishable devices variants possible.
But there were found three issues which does not allow this:
- the sysupgrade's stricter check still used in some sysupgrade
paths(this check is being replaced(and redundant) with the newer fwtool's
SUPPORTED_DEVICES check using the info in images METADATA), this check
will fail when sysupgrading from a different board_name(compatible dts)
that the image was created for (image profile name).[2]
- ASU needs unique "dts compatible" to identify the devices profile.
- and an ASU's profile identification limitation when several devices from
a common target share SUPPORTED_DEVICES entries.[3]
There is a proposal for these issues but not yet implemented [4][3].
Until these issues are fixed we won't allow "easy" sysupgrades between
these two device variants.
Commit [5] avoided the ASU profile identification limitation but
missed the required two unique dts compatibles in order to make the two
variants fully work, although not allowing easy sysupgrade between them.
[1]: 8d30e07180
[2]: sysupgrade stricter check https://github.com/openwrt/openwrt/issues/20566#issuecomment-3583555482
[3]: ASU proposal https://github.com/openwrt/asu/pull/1533
[4]: allow easy sysupgrade proposal https://github.com/openwrt/openwrt/pull/20947
[5]: b71f4665cd
Fixes: b71f466 ("mediatek: filogic: fix supported_devices list for gl-mt2500")
Fixes: 8d30e07 ("mediatek: filogic: fix for new GL.iNet GL-MT2500/GL-MT2500A hardware revision")
Fixes: https://github.com/openwrt/openwrt/issues/20566
Fixes: https://github.com/openwrt/asu/issues/1525
Signed-off-by: Mario Andrés Pérez <mapb_@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/21842
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7e5b324 instance: check length of names when creating cgroups
014f94c procd: jail/cgroups: fix OOB write in cgroups_apply()
e08cdc8 hotplug-dispatch: fix filter disallowing setting PATH
afa4391 service instance: Improve handling of watchdog config changes
52c64d2 service instance: Fix overwriting of watchdog linked list members
96c827f coldplug: fix missing header include
6b10c71 hotplug-dispatch: fix missing header include
58d7aaa initd/coldplug: create /dev/null before running udevtrigger
64f97ff hotplug-dispatch: redirect output to /dev/null
c4e9859 hotplug-dispatch: use stat if d_type is DT_UNKNOWN
bafdfff system: fix arguments validation in ubus handler
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When config_change is set during an active setup (e.g. by a concurrent
reconf call), wdev_mark_up() attempted to call setup() while still in
"setup" state. Since setup() requires state "up" or "down", it silently
returned, leaving the state as "setup". The subsequent wdev_setup_cb()
then treated this as a setup failure, triggering an unnecessary
teardown+restart cycle.
Fix this by removing the config_change handling from wdev_mark_up() and
moving it to wdev_setup_cb() instead. wdev_mark_up() now always
transitions to "up" state. When wdev_setup_cb() runs afterwards and
finds the device already "up" with config_change set, it initiates a
clean re-setup from the "up" state where setup() can run.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit 01a87f4bd0 changed the encryption
setting of the default SSID "OpenWrt" from "none" to "open". The correct
setting as per the documentation [1] is "none", though.
While this invalid setting won't cause a wrong hostapd setup, it will
at least cause malfunction in LuCI.
Change the default encryption setting back to "none".
[1] https://openwrt.org/docs/guide-user/network/wifi/basic#encryption_modes
Fixes: 01a87f4bd0
Signed-off-by: Shine <4c.fce2@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21925
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These two are redundant definitions according to dts. A value of 4 (CRC
no redundancy) makes no sense.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16618
Signed-off-by: Robert Marko <robimarko@gmail.com>
There are two redundant sections. One at 0x0 and the other at 0x80000.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16618
Signed-off-by: Robert Marko <robimarko@gmail.com>
Code was moved from 601-ucode_support.patch into ucode.{c,h},
but the patch still contained the old hunks. As a result, the patch
no longer applies.
Fix this by dropping the moved code from 601-ucode_support.patch.
Fixes: a7756346c7 ("hostapd: extend DPP ucode API with WPS M7/M8 encrypted settings handling")
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add callbacks to intercept WPS M7 reception (registrar side) and M8
reception (enrollee side), allowing external code to inject extra
encrypted attributes and optionally skip credential building.
On the registrar side, the m7_rx callback receives the decrypted M7
content and can return extra data to include in M8's encrypted settings
as well as a flag to skip credential generation.
On the enrollee side, add a wps_set_m7 method to set extra encrypted
data for M7, and a m8_rx callback to handle the decrypted M8 content
externally.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a ucode API to hostapd and wpa_supplicant for external DPP frame
handling. This allows an external controller to intercept DPP frames
and handle the DPP protocol externally.
The API provides:
- RX callbacks (dpp_rx_action, dpp_rx_gas) called when DPP frames are
received, allowing external handling before internal processing
- TX methods (dpp_send_action, dpp_send_gas_resp/dpp_send_gas_req) for
transmitting DPP frames
- A ubus channel-based API (dpp_channel) for bidirectional communication
with exclusive hook registration per interface
- CCE control for hostapd (set_cce method)
The wpa_supplicant API mirrors hostapd but adapted for STA role:
- Uses tx_gas_req instead of tx_gas_resp
- GAS RX provides full frame instead of parsed query
- No CCE control (AP-only feature)
Both implementations include:
- Timeout handling with automatic channel disconnect after 3 failures
- Hook cleanup on interface removal
- Last-caller-wins semantics for hook registration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When storing device-level data, wdev_set_data() spread the entire wdev
object into handler_data. Since handler_config.data is set from the
previous handler_data[wdev.name] before each setup, this created
exponentially growing nesting with each reload, eventually causing
"nesting too deep" JSON parse errors.
Fix by initializing cur to a simple object containing only the device
name instead of the entire wdev object.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add support for DPP (Device Provisioning Protocol) as both a primary
encryption type and as an optional addition to existing authentication.
Primary DPP mode (encryption=dpp):
- Sets WPA2 with key_mgmt=DPP
- Requires Management Frame Protection (ieee80211w=2)
- Supports dpp_connector, dpp_csign, dpp_netaccesskey options
Optional DPP mode (dpp=1 boolean on AP):
- Adds DPP to existing key management methods
- Allows AP to accept both DPP and other auth types
- Supports the same connector options
Both ucode and legacy shell implementations are updated for AP and STA
modes.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Allow callers of edit_create_destroy to pass additional named arguments
via info.named_args that get merged into the create command parameters.
Signed-off-by: John Crispin <john@phrozen.org>
When a remote peer's connection drops (device powered off, unetmsgd
crash, network failure), network_rx_cleanup_state silently removed
the remote publish/subscribe handles without notifying local
subscribers. This meant local clients had no way to detect that a
remote peer had disappeared.
Call handle_publish for each channel where a remote publish handle
is removed during connection cleanup, so local subscribers receive
the publisher change notification and can react accordingly.
Signed-off-by: John Crispin <john@phrozen.org>
handle_publish() notifies local subscribers about publisher state
changes. The publish/subscribe handler in network_socket_handle_request()
was calling it for both remote publish and subscribe changes, but
subscriber changes are not relevant to local subscribers.
Guard the handle_publish() calls with a msgtype == "publish" check,
matching the local client paths in unetmsgd-client.uc which already
have this guard.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When both peers connect simultaneously, the RX side can authenticate
before the TX handshake completes. network_check_auth() was sending a
ping on the unauthenticated TX channel, which gets rejected by the
remote's pre-auth handler as "Auth failed", killing the connection and
triggering an endless reconnect cycle.
Check chan.auth before interacting with the TX channel. If TX auth
hasn't completed yet, just schedule a reconnect timer - auth_data_cb
already handles state sync when TX auth completes.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
network_close() only closed the listening socket without shutting down
established RX/TX connections. This left remote state in
core.remote_publish/core.remote_subscribe for hosts on the removed
network, causing stale entries in channel listings and failed routing
attempts.
Close all RX and TX channels before removing the network, which also
triggers remote state cleanup via network_rx_socket_close().
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The cleanup condition checked != instead of ==, inverting the logic.
This caused two problems:
When an authenticated RX connection disconnected, remote state for that
host was never cleaned up since the stored entry matched the one being
closed.
When a stale unauthenticated connection from a peer closed, any existing
authenticated connection from the same peer was incorrectly deleted and
its remote state wiped.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When a remote peer's publish registrations arrive via RX before the
local TX connection is authenticated, handle_publish fires but the
subscriber can't reach the remote publisher yet since the TX channel
isn't ready.
Suppress publish notifications on the RX side when no authenticated TX
channel exists for the remote host. After TX authentication completes,
re-trigger handle_publish only for topics that the specific peer
publishes and that have local subscribers.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The condition checked !data.networks instead of !data.networks[name],
making it always false since data.networks was already validated earlier
in the function. Networks removed from unetd were never closed.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Check /var/run/uci/ before /etc/config/ so that overlay configs
also trigger service reload events.
The overlay directory takes precedence, and uci show already handles
merging overlay + base configuration correctly.
Signed-off-by: John Crispin <john@phrozen.org>
Changelog:
13701b5 libtraceevent: 1.9
6a3a815 libtraceevent: Add tep_load_modules() API
31fc91b libtraceevent: Add tep_parse_last_boot_info()
5e4ef1f libtraceevent: Add tep_btf_list_args()
aa49dce libtraceevent: Split out btf func init code from tep_btf_print_args()
239b063 libtraceevent: Do not change names of functions not of this library
c284dec libtraceevent: Handle __get_stacktrace()
1ba1262 libtraceevent: Move back to 1.8.99
263459e libtraceevent: Use BTF_INT_BITS/OFFSET() when parsing int parameters
0294b73 libtraceevent utest: Add simple test to test BTF parsing
38e03ac libtraceevent: Have BTF find functions with extra characters
b441fff libtraceevent: Add man page for the new BTF functions
87f30d9 libtraceevent: Add loading of BTF to the tep handle
3488dc9 libtraceevent: Move to 1.9 devel
Link: https://github.com/openwrt/openwrt/pull/21886
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changelog:
6fad6a1 libtracefs: version 1.8.3
5505e14 libtracefs: Do not have utest fail debugfs/tracing not found
362574c libtracefs: Fix whitespace in enable_disable_all()
06c07be libtracefs: Make comm field a string
0a2a28f libtracefs/Documentation: Fix markup in the man page
57fcdc1 libtracefs: utest: Return non-zero exit code when something fails
ae03455 libtracefs: Fix tracefs_event_is_enabled() for all events
01a3fd3 libtracefs: Fix enum type in read_event_state
ef1656b libtracefs: Fix the /dev/null redirection compatibility in Makefile
Link: https://github.com/openwrt/openwrt/pull/21886
Signed-off-by: Nick Hainke <vincent@systemli.org>
Uninitialized memory led to bogus, huge timestamps being set on files
downloaded with the wget backend. This caused odd issues like 'ls -l'
crashing busybox when attempting to list the .apk file afterwards.
Link: 42f159e67b
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21874
Signed-off-by: Robert Marko <robimarko@gmail.com>
It's not the proper one. No of_platform_ APIs are being used.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21164
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
follow-up to 148207730a
Schoolboy error on the peer_psk value.
Also fix an issue when joining peer IPv4 and IPv6 AllowedIPs
(${peer_a_ips/ /, } replaces only the first space, while
${peer_a_ips// /, } replaces all the spaces).
Closes: https://github.com/openwrt/openwrt/issues/21847
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21851
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add a status method to both hostapd and wpa_supplicant ubus objects
that lists all configured interfaces with their wiphy, MAC address,
and running/pending state. For MLO interfaces, links are grouped
under a single entry with per-link status.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- preserve (active) interface (at reload)
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21784
Signed-off-by: Robert Marko <robimarko@gmail.com>
- no longer write any temporary file for peer gen
- use wg syncconf to update active interfaces (not setconf)
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21784
Signed-off-by: Robert Marko <robimarko@gmail.com>
- no longer write any temporary file for key gen
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21784
Signed-off-by: Robert Marko <robimarko@gmail.com>
