he_phy_cap and he_mac_cap in phy_capabilities are only populated inside
the iftype_data loop. On 6GHz-only radios (e.g. QCN9074/ath11k_pci),
when capability bytes are unavailable they remain null, causing null
dereferences in device_htmode_append():
Reference error: left-hand side expression is null
if (!(he_phy_cap[3] & 0x80))
Initialise both to [] before the loop and guard the consumer side with
?? [] so bitwise checks conservatively disable beamformer/beamformee/twt
features rather than crashing.
Link: https://github.com/openwrt/openwrt/issues/23488
Signed-off-by: dastarothx <darkastalier@gmail.com>
(cherry picked from commit feca0b4507b9175b95a59701462d550eb0b855c0)
Link: https://github.com/openwrt/openwrt/pull/23503
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The ucode migration wrote "basic_rate" into the wpa_supplicant network
block, but that is not a valid wpa_supplicant network field, causing:
Line 15: unknown network field 'basic_rate'.
failed to parse network block.
Map UCI basic_rate to the correct wpa_supplicant fields, matching the
behavior of the legacy shell script (hostapd.sh):
- mesh mode: mesh_basic_rates (space-separated, 100 kb/s units)
- sta/adhoc: rates (comma-separated Mbps)
Link: a854d833ea
Signed-off-by: Florian Maurer <f.maurer@outlook.de>
[fix commit message link]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 8810ecd5ed)
Add patches to fix build failures on musl-based toolchains:
0002-xdpsock-fix-struct-ethhdr-redefinition-on-musl.patch:
xdpsock.c included <net/ethernet.h> and <netinet/ether.h> alongside
<linux/if_ether.h>, triggering a struct ethhdr redefinition on musl.
Replace BSD-style ether_header/ether_addr with struct ethhdr and drop
the conflicting includes.
0003-build-use-gnu2x-to-avoid-stdbool.h-dependency.patch:
Switch CFLAGS and BPF_CFLAGS from -std=gnu11 to -std=gnu2x. In C23,
bool is a native keyword, fixing "stdbool.h: No such file or directory"
errors with a clang lacking its resource directory (e.g. llvm-bpf built
with LLVM_INSTALL_TOOLCHAIN_ONLY=ON on musl targets).
Link: https://github.com/openwrt/openwrt/pull/22983
(cherry picked from commit d16758d2d3)
Link: https://github.com/openwrt/openwrt/pull/23015
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add a patch that avoids including <stddef.h> in BPF headers, fixing
build failures on OpenWrt toolchains where the header is unavailable:
In file included from xdpfilt_dny_udp.c:10:
In file included from ./xdpfilt_prog.h:24:
../lib/../headers/xdp/parsing_helpers.h:18:10: fatal error: 'stddef.h' file not found
18 | #include <stddef.h>
| ^~~~~~~~~~
1 error generated.
make[5]: *** [../lib/common.mk:111: xdpfilt_dny_udp.o] Error 1
make[4]: *** [Makefile:40: xdp-filter] Error 2
Link: https://github.com/openwrt/openwrt/pull/21972
(cherry picked from commit c752525511)
Link: https://github.com/openwrt/openwrt/pull/23015
Signed-off-by: Nick Hainke <vincent@systemli.org>
Without this, max_oper_chwidth is set incorrectly,
thus ibss_mesh_select_80_160mhz fails to set the correct channel width
Signed-off-by: Richard Huynh <voxlympha@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22644
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6abfd98c4e)
The ucode path generates different erp_domain and fils_cache_id
values than the legacy shell path due to three mismatches:
1. erp_domain md5 input missing trailing newline (echo adds \n)
2. erp_domain output truncated to 4 chars instead of 8 (shell
uses head -c 8)
3. fils_cache_id md5 input missing trailing newline
4. erp_domain missing fallback to mobility_domain
Same bug pattern as mobility_domain fixed in commit b1dc2736db.
Fixes: #21768
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Joshua Klinesmith <joshuaklinesmith@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22677
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b178e05d9b)
Introduce the devpath option to find the control channel device from a
hardware path for a USB or a WWAN device.
This option is useful when there are multiple modems connected to the
system. The name of the control channel device of a modem can change
depending on which modem initialises first or if it was recently plugged
in. The devpath option allows specifying the hardware path of the modem
where the control channel device will be found using that.
For the USB device hardware path, it is allowed to specify the USB port
number the modem is directly connected to.
If the device and devpath options are both set, devpath takes precedence
over device.
The USB device hardware path of a control channel device can be found by:
readlink -f /sys/class/usbmisc/cdc-wdmX/device
The WWAN device hardware path of a control channel device can be found by:
readlink -f /sys/class/wwan/wwanXqmiX/device
An example uci configuration would be:
config interface 'wwan_usb1'
option proto 'qmi'
option auth 'none'
option devpath '/sys/devices/platform/1e1c0000.xhci/usb1/1-1'
option apn 'internet'
option pdptype 'ipv4v6'
Or:
config interface 'wwan_pcie1'
option proto 'qmi'
option auth 'none'
option devpath '/sys/devices/platform/soc/11280000.pcie/pci0003:00/0003:00:00.0/0003:01:00.0'
option apn 'internet'
option pdptype 'ipv4v6'
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit e83da3bada)
Link: https://github.com/openwrt/openwrt/pull/22254
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Introduce the devpath option to find the control channel device from a
hardware path for a USB or a WWAN device.
This option is useful when there are multiple modems connected to the
system. The name of the control channel device of a modem can change
depending on which modem initialises first or if it was recently plugged
in. The devpath option allows specifying the hardware path of the modem
where the control channel device will be found using that.
For the USB device hardware path, it is allowed to specify the USB port
number the modem is directly connected to.
If the device and devpath options are both set, devpath takes precedence
over device.
The USB device hardware path of a control channel device can be found by:
readlink -f /sys/class/usbmisc/cdc-wdmX/device
The WWAN device hardware path of a control channel device can be found by:
readlink -f /sys/class/wwan/wwanXmbimX/device
An example uci configuration would be:
config interface 'wwan_usb1'
option proto 'mbim'
option auth 'none'
option devpath '/sys/devices/platform/1e1c0000.xhci/usb1/1-1'
option apn 'internet'
option pdptype 'ipv4v6'
Or:
config interface 'wwan_pcie1'
option proto 'mbim'
option auth 'none'
option devpath '/sys/devices/platform/soc/11280000.pcie/pci0003:00/0003:00:00.0/0003:01:00.0'
option apn 'internet'
option pdptype 'ipv4v6'
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit 764c503a2c)
Link: https://github.com/openwrt/openwrt/pull/22254
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The hostapd configuration for SU-BEAMFORMEE was incorrectly using the
beamformer antenna count instead of the beamformee antenna count for the
[BF-ANTENNA-N] capability string.
Fix this by using config.beamformee_antennas instead.
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22511
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit fc5aed2ff2)
After 02e2065203, it can happen that both,
[VHT160-80PLUS80] and [VHT160] are added to the vht_capab option in
an AP's hostapd.conf, which would cause a failure to start the AP.
Fix the logic in order to prevent such misconfiguration.
Fixes: #22481
Signed-off-by: Shine <4c.fce2@proton.me>
Link: https://github.com/openwrt/openwrt/pull/22482
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit c949d0e6c6)
This reverts commit cf1c8c1f3a.
This accidentally bumped odhcp to the version from main branch instead
of using the 25.12 branch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
a52cdb354d13 dns: validate IPv4 record addresses
b798c24205b5 dns: validate IPv6 record addresses
a3dcb4adc635 dns: validate reverse dns query name lengths
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit 8a7eb57ab8)
When the virtual package "uci-firewall" is installed, the choice
between "firewall" and "firewall4" is arbitrary, sometimes resulting
in one, sometimes the other.
Set the default variant on "firewall4" to make it the preferred
package when installed as a dependency.
Link: https://forum.openwrt.org/t/owut-openwrt-upgrade-tool/200035/1126
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22328
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5d71d9a4be)
memcpy() with overlapping src and dest buffers is an undefined behavior
in C. In the current code, a ConfRej response is generated by copying
input data in-place, where the dest address is lower than the src.
This happens to work in practice because memcpy() forward-copies data,
matching the behavior of memmove() in this case.
However, if FORTIFY_SOURCE or Address Sanitizer is enabled, memcpy()
will detect the overlap at run time and abort the program.
Replace the memcpy() with memmove() to ensure a well-defined behavior.
Reported-by: Filippo Carletti <filippo.carletti@gmail.com>
MRU patch https://github.com/ppp-project/ppp/pull/573
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22286
(cherry picked from commit 1e9da9798a)
Link: https://github.com/openwrt/openwrt/pull/22318
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The key variable is not defined in the scope when setting wpa_psk. Use
config.key instead.
This fixes configuration the 64 characters wpa_psk directly.
Reported-by: donjoe in OpenWrt Forum
Link: https://github.com/openwrt/openwrt/pull/22182
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 69daeebc9a)
51fa9ed6d4d6 interface-ip: fix fortify build error
cbb83a185740 bridge: skip present toggle in bridge_free_member() when device is active
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Due to a missing include, the constant UINT_MAX is undefined. This
fixes issues when building v25.12.0-rc5. Including a newer version of
iproute2 would include the patch, but causes other building issues.
Signed-off-by: Jonas Lochmann <openwrt@jonaslochmann.de>
Link: https://github.com/openwrt/openwrt/pull/22128
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5f063d18bd)
Ensure that the BSS start_disabled option is always cleared, so that
interfaces come up properly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b7cd16dba3)
Without initializing pwd_group, it's set to 0, which is reserved value.
When EAP-PWD is used in wpa_supplicant/eapol_test, next error is seen:
EAP-PWD: Server EAP-pwd-ID proposal: group=0 random=1 prf=1 prep=0
EAP-pwd: Unsupported or disabled proposal
Signed-off-by: Yaroslav Isakov <yaroslav.isakov@gmail.com>
(cherry picked from commit 9d78b2f53c)
Secondary BSSes inherit the alloc value which bypasses
NL80211_ATTR_VIF_RADIO_MASK in nl80211_create_iface() and causes the
kernel to default new interfaces to all radios.
The ucode bss_create fallback fails to correct this because
the interface is already UP.. the kernel rejects SET_INTERFACE with
-EBUSY.
Signed-off-by: Chad Monroe <chad@monroe.io>
(cherry picked from commit 50d3d287e4)
Add the OpenWrt CPPFLAGS to the CFLAGS. ebtables does not
support CPPFLAGS. This fixes fortify sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 77d896725f)
Add the OpenWrt CPPFLAGS to the CFLAGS. arptables does not
support CPPFLAGS. This fixes fortify sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 33b2c6f955)
Add the OpenWrt CPPFLAGS to the FLAGS. iwinfo does not support CPPFLAGS.
This fixes fortify sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 379d5b8bc4)
Add the OpenWrt CPPFLAGS to the CFLAGS. wireless-tools does not
support CPPFLAGS. This fixes fortify sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d69b283068)
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0f1c1c581f)
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit bfd57eab3d)
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b497c3f68f)
Forward the OpenWrt CPPFLAGS to the compile process. This fixes fortify
sources support.
Link: https://github.com/openwrt/openwrt/pull/22056
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2ca7c2b846)
This fixes a simple logic error in the macaddr existence check in mac80211.uc.
Signed-off-by: Harin Lee <me@harin.net>
Link: https://github.com/openwrt/openwrt/pull/21277
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2ebcda1ea6)
This allows services to dynamically configure MLO interfaces without
using UCI.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 0a8bccf85d)
This helps for setups where the wifi interfaces are added dynamically
via procd data by avoiding automatically bringing up interfaces with
the default config. Internally, they are treated pretty much the same
by netifd.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 79a0aebd81)
Add optional chaining when accessing device config in the wifi-iface
loop to handle cases where a referenced device doesn't exist.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8b994ed397)
When storing device-level data, wdev_set_data() spread the entire wdev
object into handler_data. Since handler_config.data is set from the
previous handler_data[wdev.name] before each setup, this created
exponentially growing nesting with each reload, eventually causing
"nesting too deep" JSON parse errors.
Fix by initializing cur to a simple object containing only the device
name instead of the entire wdev object.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 68c2ab8f5f)
Extract survey fetching into get_survey() and store results in iface.survey,
allowing access to full survey info (not just noise) for later use.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit e855f32bdd)
Moved interface discovery and data population into an exported update()
function that can be called on-demand to refresh wireless interface
information. This allows using iwinfo.uc as a library inside daemons.
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 26eab84f81)
When a remote peer's connection drops (device powered off, unetmsgd
crash, network failure), network_rx_cleanup_state silently removed
the remote publish/subscribe handles without notifying local
subscribers. This meant local clients had no way to detect that a
remote peer had disappeared.
Call handle_publish for each channel where a remote publish handle
is removed during connection cleanup, so local subscribers receive
the publisher change notification and can react accordingly.
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 7fd71f2c74)
handle_publish() notifies local subscribers about publisher state
changes. The publish/subscribe handler in network_socket_handle_request()
was calling it for both remote publish and subscribe changes, but
subscriber changes are not relevant to local subscribers.
Guard the handle_publish() calls with a msgtype == "publish" check,
matching the local client paths in unetmsgd-client.uc which already
have this guard.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit e0722d0ac4)
