From 5bc82dede009520be689d9127dfeb841e3f8afaa Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 11 Dec 2024 11:54:34 +0100 Subject: [PATCH 01/35] wifi-scripts: ucode: typo fix Signed-off-by: John Crispin --- .../wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc index 3c15d87d00..69805a4b6f 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc @@ -101,7 +101,7 @@ export function wpa_key_mgmt(config) { if (config.wpa >= 2 && config.ieee80211r) append_value(config, 'wpa_key_mgmt', 'FT-EAP'); if (config.ieee80211w) - append_value(config, 'wpa_key_mgmt', 'WPA-EAP--SHA256'); + append_value(config, 'wpa_key_mgmt', 'WPA-EAP-SHA256'); break; case 'eap192': From 4c60fba3d809ff30bad1baae03b90b208b7afe0d Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 11 Dec 2024 11:55:21 +0100 Subject: [PATCH 02/35] wifi-scripts: ucode: only set mbssid on ax and be radios Signed-off-by: John Crispin --- .../wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc index 2f6c4ddc40..f7eaa2741d 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc @@ -478,7 +478,7 @@ function generate(config) { device_rates(config); /* beacon */ - append_vars(config, [ 'beacon_int', 'beacon_rate', 'rnr_beacon', 'mbssid' ]); + append_vars(config, [ 'beacon_int', 'beacon_rate', 'rnr_beacon' ]); /* wpa_supplicant co-exist */ append_vars(config, [ 'noscan' ]); @@ -510,6 +510,9 @@ function generate(config) { } device_htmode_append(config); + if (config.ieee80211ax || config.ieee80211be) + append_vars(config, [ 'mbssid' ]); + /* 6G power mode */ if (config.band != '6g') append_vars(config, [ 'reg_power_type' ]); From 3ab1a69339cf2f98046480474be712e18919b6db Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 11 Dec 2024 12:02:18 +0100 Subject: [PATCH 03/35] wifi-scripts: ucode: fix parsing of legacy hwmode option Signed-off-by: John Crispin --- .../wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc | 4 ++-- .../wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc index f7eaa2741d..c7baa8d85b 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc @@ -17,8 +17,8 @@ let phy_capabilities = {}; /* make sure old style UCI and hwmode and newer band properties are correctly resolved */ function set_device_defaults(config) { /* validate the hw mode */ - if (config.hwmode in [ '11a', '11b', '11g', '11ad' ]) - config.hw_mode = substr(config.hwmode, 2); + if (config.hw_mode in [ '11a', '11b', '11g', '11ad' ]) + config.hw_mode = substr(config.hw_mode, 2); else if (config.channel > 14) config.hw_mode = 'a'; else diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc index 69805a4b6f..daddb801ef 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc @@ -6,7 +6,7 @@ import * as fs from 'fs'; export function parse_encryption(config) { let encryption = split(config.encryption, '+', 2); - config.wpa_pairwise = (config.hwmode == 'ad') ? 'GCMP' : 'CCMP'; + config.wpa_pairwise = (config.hw_mode == 'ad') ? 'GCMP' : 'CCMP'; switch(encryption[1]){ case 'tkip+aes': From 7e854bd9430c3f33dbbceb26390bdf476b27dd2d Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 11 Dec 2024 12:06:55 +0100 Subject: [PATCH 04/35] wifi-scripts: ucode: append global options on STA interfaces Signed-off-by: John Crispin --- .../files-ucode/usr/share/ucode/wifi/supplicant.uc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc index 04d7f216aa..0519e58177 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc @@ -182,9 +182,11 @@ export function generate(config_list, data, interface) { return 1; } - interface.config.country = data.config.country; + interface.config.country = data.config.country_code; interface.config.beacon_int = data.config.beacon_int; + append_vars(interface.config, [ 'country', 'beacon_int' ]); + setup_sta(data.config, interface.config); let file_name = `/var/run/wpa-supplicant-${interface.config.ifname}.conf`; From 3dd1c476d9b3a2fc46f43bd9c2dff9192f6973aa Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 11 Dec 2024 12:27:38 +0100 Subject: [PATCH 05/35] wifi-scripts: ucode: remove debug code Signed-off-by: John Crispin --- .../wifi-scripts/files-ucode/usr/share/ucode/wifi/common.uc | 2 -- 1 file changed, 2 deletions(-) diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/common.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/common.uc index a4d7eb3ed7..2dc11f50b9 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/common.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/common.uc @@ -109,8 +109,6 @@ export function dump_network(file) { if (file) fs.writefile(file, config_data); - printf('%s\n', config_data); - return config_data; }; From 60f9ec2b227e0523ed0c31584b0ff09762b78740 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 11 Dec 2024 14:42:47 +0100 Subject: [PATCH 06/35] wifi-scripts: ucode: change default behaviour of the vlan_no_bridge option Signed-off-by: John Crispin --- .../wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc index 8db3fc34b3..d6ca3b5dd2 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc @@ -285,8 +285,8 @@ function iface_vlan(interface, config, vlans) { if (!config.vlan_possible || !config.dynamic_vlan) return; - - config.vlan_no_bridge = !config.vlan_bridge; + + set_default(config, 'vlan_no_bridge', !config.vlan_bridge); append_vars(config, [ 'dynamic_vlan', 'vlan_naming', 'vlan_bridge', 'vlan_no_bridge', From 2bcc49aef93f454950d425b8de69d230b52cc63c Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 11 Dec 2024 12:32:37 +0100 Subject: [PATCH 07/35] procd: update to latest HEAD e2f05de state: set_stdio: chdir back to / in case of failure 30542c9 inittab: Disable implicit controlling TTY. Signed-off-by: John Crispin --- package/system/procd/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile index b9099a5ba5..70df481a22 100644 --- a/package/system/procd/Makefile +++ b/package/system/procd/Makefile @@ -12,9 +12,9 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/procd.git -PKG_MIRROR_HASH:=56c5f71da3f68036c63ae59d01992785e74027726da5973297895985cd27c215 -PKG_SOURCE_DATE:=2024-11-13 -PKG_SOURCE_VERSION:=7330fa55c5211eb7b3c675d1c7b8281b69b53553 +PKG_MIRROR_HASH:=2c9eb493618e3a695d329cbf7379a165d4c2366a6e00edc63db3271aa059a294 +PKG_SOURCE_DATE:=2024-12-11 +PKG_SOURCE_VERSION:=e2f05deb93949f447d397e8cd3a341bc8e53cd38 CMAKE_INSTALL:=1 PKG_LICENSE:=GPL-2.0 From d162fd5ed44af7a33c9aefd72479c1c77f3234e4 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 11 Dec 2024 15:41:21 +0100 Subject: [PATCH 08/35] umdns: update to latest HEAD 93458ac dns: fix response to TYPE_PTR query 68af311 fix unicast response port and timeout a2b4979 service: announce all services in single dns answer 4537734 display announced services in ubus call umdns browse 0b50c29 display more srv attributes in output of ubus browse function Signed-off-by: John Crispin --- package/network/services/umdns/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/network/services/umdns/Makefile b/package/network/services/umdns/Makefile index 606dc7274f..ede371231a 100644 --- a/package/network/services/umdns/Makefile +++ b/package/network/services/umdns/Makefile @@ -12,9 +12,9 @@ PKG_RELEASE:=1 PKG_SOURCE_URL=$(PROJECT_GIT)/project/mdnsd.git PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2024-09-17 -PKG_SOURCE_VERSION:=fbaca4b6f530d4b2f361ee15c266aa19a708242b -PKG_MIRROR_HASH:=e3fc47a019ea54722b8d7dfc8158307a9fb4a9d18945a1a6794616e3b80d5d3b +PKG_SOURCE_DATE:=2024-12-11 +PKG_SOURCE_VERSION:=93458ac90911b84c7279070cd350405d203b702d +PKG_MIRROR_HASH:=6e6fe777d19da744116579be612590e1b41a9ef2c8ff2afeaea942d6b3da49ef PKG_MAINTAINER:=John Crispin PKG_LICENSE:=LGPL-2.1 From d6be0a203910795ab964fd324da1ca54371643b8 Mon Sep 17 00:00:00 2001 From: Chukun Pan Date: Sat, 7 Dec 2024 23:16:15 +0800 Subject: [PATCH 09/35] qualcommax: ipq60xx: fixes base-files typo * fix caldata file name * fix bootcount file permission Fixes: 9c55866 ("qualcommax: ipq60xx: add Linksys MR7350 support") Signed-off-by: Chukun Pan Link: https://github.com/openwrt/openwrt/pull/17230 Signed-off-by: Robert Marko --- .../hotplug.d/firmware/{11-ath11-caldata => 11-ath11k-caldata} | 0 target/linux/qualcommax/ipq60xx/base-files/etc/init.d/bootcount | 1 - 2 files changed, 1 deletion(-) rename target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/firmware/{11-ath11-caldata => 11-ath11k-caldata} (100%) mode change 100644 => 100755 target/linux/qualcommax/ipq60xx/base-files/etc/init.d/bootcount diff --git a/target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/firmware/11-ath11-caldata b/target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/firmware/11-ath11k-caldata similarity index 100% rename from target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/firmware/11-ath11-caldata rename to target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/firmware/11-ath11k-caldata diff --git a/target/linux/qualcommax/ipq60xx/base-files/etc/init.d/bootcount b/target/linux/qualcommax/ipq60xx/base-files/etc/init.d/bootcount old mode 100644 new mode 100755 index e8ff90122b..fbe245d988 --- a/target/linux/qualcommax/ipq60xx/base-files/etc/init.d/bootcount +++ b/target/linux/qualcommax/ipq60xx/base-files/etc/init.d/bootcount @@ -12,4 +12,3 @@ boot() { ;; esac } - From 8108967e27feeacbf5ea08462358bff7516f96ac Mon Sep 17 00:00:00 2001 From: Chukun Pan Date: Sun, 8 Dec 2024 23:26:01 +0800 Subject: [PATCH 10/35] qualcommax: use ath11k_patch_mac for MR7350 Use ath11k_patch_mac and ath11k_set_macflag functions instead of fix_wifi_mac script. Signed-off-by: Chukun Pan Link: https://github.com/openwrt/openwrt/pull/17230 Signed-off-by: Robert Marko --- .../etc/hotplug.d/firmware/11-ath11k-caldata | 8 +++++++- .../etc/hotplug.d/ieee80211/11_fix_wifi_mac | 18 ------------------ 2 files changed, 7 insertions(+), 19 deletions(-) delete mode 100644 target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/ieee80211/11_fix_wifi_mac diff --git a/target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/firmware/11-ath11k-caldata b/target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/firmware/11-ath11k-caldata index a5e843ee7b..3380cc8653 100644 --- a/target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/firmware/11-ath11k-caldata +++ b/target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/firmware/11-ath11k-caldata @@ -15,7 +15,13 @@ case "$FIRMWARE" in cambiumnetworks,xe3-4) caldata_extract "0:ART" 0x1000 0x10000 ;; - linksys,mr7350|\ + linksys,mr7350) + caldata_extract "0:art" 0x1000 0x10000 + addr=$(mtd_get_mac_ascii devinfo hw_mac_addr) + ath11k_patch_mac $(macaddr_add $addr 2) 0 + ath11k_patch_mac $(macaddr_add $addr 1) 1 + ath11k_set_macflag + ;; netgear,wax214) caldata_extract "0:art" 0x1000 0x10000 ;; diff --git a/target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/ieee80211/11_fix_wifi_mac b/target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/ieee80211/11_fix_wifi_mac deleted file mode 100644 index a67cc7262b..0000000000 --- a/target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/ieee80211/11_fix_wifi_mac +++ /dev/null @@ -1,18 +0,0 @@ -[ "$ACTION" == "add" ] || exit 0 - -PHYNBR=${DEVPATH##*/phy} - -[ -n $PHYNBR ] || exit 0 - -. /lib/functions.sh -. /lib/functions/system.sh - -board=$(board_name) - -case "$board" in - linksys,mr7350) - addr=$(mtd_get_mac_ascii devinfo hw_mac_addr) - [ "$PHYNBR" = "0" ] && macaddr_add $addr 2 > /sys${DEVPATH}/macaddress - [ "$PHYNBR" = "1" ] && macaddr_add $addr 1 > /sys${DEVPATH}/macaddress - ;; -esac From 65a1c666f2eb2511430a9064686b3590e08b1773 Mon Sep 17 00:00:00 2001 From: Rany Hany Date: Mon, 2 Dec 2024 11:30:07 +0000 Subject: [PATCH 11/35] hostapd: add SAE support for wifi-station and optimize PSK file creation Regarding SAE support in wifi-station: Important Note: Unlike PSK wifi-stations, both `mac` and `key` options are required to make it work. With PSK, hostapd used to perform a brute-force match to find which PSK entry to use, but with SAE this is infeasible due to SAE's design. When `mac` is omitted, it will allow any MAC address to use the SAE password if it didn't have a MAC address assigned to it, but this could only be done once. The last wildcard entry would be used. Also, unlike "hostapd: add support for SAE in PPSK option" (commit 913368a), it is not required to set `sae_pwe` to `0`. This gives it a slight advantage over using PPSK that goes beyond not needing RADIUS. Example Configuration: ``` config wifi-vlan option iface default_radio0 option name 999 option vid 999 option network management config wifi-station # Allow user with MAC address 00:11:22:33:44:55 and matching # key "secretadminpass" to access the management network. option iface default_radio0 option vid 999 option mac '00:11:22:33:44:55' option key secretadminpass config wifi-vlan option iface default_radio0 option name 100 option vid 100 option network guest config wifi-station # With SAE, when 'mac' is omitted it will be the fallback in case no # other MAC address matches. It won't be possible for a user that # has a matching MAC to use this network (i.e., 00:11:22:33:44:55 # in this example). option iface default_radio0 option vid 100 option key guestpass ``` Regarding PSK file creation optimization: This patch now conditionally runs `hostapd_set_psk_file` depending on `auth_type`. Previously, `hostapd_set_psk` would always execute `hostapd_set_psk_file`, which would create a new file if `wifi-station` was in use even if PSK was not enabled. This change checks the `auth_type` to ensure that it is appropriate to parse the `wifi-station` entries and create those files. Furthermore, we now only configure `wpa_psk_file` when it is a supported option (i.e., psk or psk-sae is used). Previously, we used to configure it when it was not necessary. While it didn't cause any issues, it would litter `/var/run` with unnecessary files. This patch fixes that case by configuring it depending on the `auth_type`. The new SAE support is aligned with these PSK file changes. Signed-off-by: Rany Hany Link: https://github.com/openwrt/openwrt/pull/17145 Signed-off-by: John Crispin --- .../wifi-scripts/files/lib/netifd/hostapd.sh | 38 +++++++++++++++++-- .../files/lib/netifd/wireless/mac80211.sh | 7 +++- .../network/services/hostapd/files/hostapd.uc | 2 + 3 files changed, 43 insertions(+), 4 deletions(-) diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh index 817ead71af..0b2241ea60 100644 --- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh @@ -428,9 +428,36 @@ hostapd_set_psk() { local ifname="$1" rm -f /var/run/hostapd-${ifname}.psk + case "$auth_type" in + psk|psk-sae) ;; + *) return ;; + esac for_each_station hostapd_set_psk_file ${ifname} } +hostapd_set_sae_file() { + local ifname="$1" + local vlan="$2" + local vlan_id="" + + json_get_vars mac vid key + set_default mac "ff:ff:ff:ff:ff:ff" + [ -n "$mac" ] && mac="|mac=$mac" + [ -n "$vid" ] && vlan_id="|vlanid=$vid" + printf '%s%s%s\n' "${key}" "${mac}" "${vlan_id}" >> /var/run/hostapd-${ifname}.sae +} + +hostapd_set_sae() { + local ifname="$1" + + rm -f /var/run/hostapd-${ifname}.sae + case "$auth_type" in + sae|psk-sae) ;; + *) return ;; + esac + for_each_station hostapd_set_sae_file ${ifname} +} + append_iw_roaming_consortium() { [ -n "$1" ] && append bss_conf "roaming_consortium=$1" "$N" } @@ -686,7 +713,7 @@ hostapd_set_bss_options() { wps_not_configured=1 ;; psk|sae|psk-sae) - json_get_vars key wpa_psk_file + json_get_vars key wpa_psk_file sae_password_file if [ "$ppsk" -ne 0 ]; then json_get_vars auth_secret auth_port set_default auth_port 1812 @@ -697,15 +724,20 @@ hostapd_set_bss_options() { append bss_conf "wpa_psk=$key" "$N" elif [ ${#key} -ge 8 ] && [ ${#key} -le 63 ]; then append bss_conf "wpa_passphrase=$key" "$N" - elif [ -n "$key" ] || [ -z "$wpa_psk_file" ]; then + elif [ -n "$key" ] || [ -z "$wpa_psk_file" ] || [ -z "$sae_password_file" ]; then wireless_setup_vif_failed INVALID_WPA_PSK return 1 fi [ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk - [ -n "$wpa_psk_file" ] && { + [ -n "$wpa_psk_file" ] && [ "$auth_type" = "psk" -o "$auth_type" = "psk-sae" ] && { [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" append bss_conf "wpa_psk_file=$wpa_psk_file" "$N" } + [ -z "$sae_password_file" ] && set_default sae_password_file /var/run/hostapd-$ifname.sae + [ -n "$sae_password_file" ] && [ "$auth_type" = "sae" -o "$auth_type" = "psk-sae" ] && { + [ -e "$sae_password_file" ] || touch "$sae_password_file" + append bss_conf "sae_password_file=$sae_password_file" "$N" + } [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" set_default dynamic_vlan 0 diff --git a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh index f65128783f..c835b46e75 100755 --- a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh @@ -669,7 +669,7 @@ mac80211_set_ifname() { mac80211_prepare_vif() { json_select config - json_get_vars ifname mode ssid wds powersave macaddr enable wpa_psk_file vlan_file + json_get_vars ifname mode ssid wds powersave macaddr enable wpa_psk_file sae_password_file vlan_file [ -n "$ifname" ] || { local prefix; @@ -702,7 +702,12 @@ mac80211_prepare_vif() { [ "$mode" == "ap" ] && { + json_select config + wireless_vif_parse_encryption + json_select .. + [ -z "$wpa_psk_file" ] && hostapd_set_psk "$ifname" + [ -z "$sae_password_file" ] && hostapd_set_sae "$ifname" [ -z "$vlan_file" ] && hostapd_set_vlan "$ifname" } diff --git a/package/network/services/hostapd/files/hostapd.uc b/package/network/services/hostapd/files/hostapd.uc index 76a3d706f7..1593feef6b 100644 --- a/package/network/services/hostapd/files/hostapd.uc +++ b/package/network/services/hostapd/files/hostapd.uc @@ -10,6 +10,7 @@ hostapd.data.pending_config = {}; hostapd.data.file_fields = { vlan_file: true, wpa_psk_file: true, + sae_password_file: true, accept_mac_file: true, deny_mac_file: true, eap_user_file: true, @@ -365,6 +366,7 @@ function bss_remove_file_fields(config) for (let key in config.hash) new_cfg.hash[key] = config.hash[key]; delete new_cfg.hash.wpa_psk_file; + delete new_cfg.hash.sae_password_file; delete new_cfg.hash.vlan_file; return new_cfg; From 3710323a469212ef0bbc5dc414895f6198edb67e Mon Sep 17 00:00:00 2001 From: Liangbin Lian Date: Sun, 1 Dec 2024 12:45:34 +0800 Subject: [PATCH 12/35] package/firewall: fix config typo change Support-UDP-Traceroute rule from 'enabled false' to 'enabled 0' Signed-off-by: Liangbin Lian Link: https://github.com/openwrt/openwrt/pull/17133 Signed-off-by: John Crispin --- package/network/config/firewall/Makefile | 2 +- package/network/config/firewall/files/firewall.config | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile index a4b17f0b53..042883264d 100644 --- a/package/network/config/firewall/Makefile +++ b/package/network/config/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config index b90ac7af0a..4c7ef8a96e 100644 --- a/package/network/config/firewall/files/firewall.config +++ b/package/network/config/firewall/files/firewall.config @@ -138,7 +138,7 @@ config rule option proto udp option family ipv4 option target REJECT - option enabled false + option enabled 0 # include a file with users custom iptables rules config include From cbdfd03e42f5619127d357eaba48b77f62628654 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Owoc?= Date: Fri, 6 Dec 2024 17:11:59 +0100 Subject: [PATCH 13/35] base-files: add option to set LED brightness MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add option to set LED brightness via uci: config led 'led_blue' option name 'blue' option sysfs 'blue:status' option brightness '1' Signed-off-by: Paweł Owoc Link: https://github.com/openwrt/openwrt/pull/17190 Signed-off-by: John Crispin --- package/base-files/files/etc/init.d/led | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/package/base-files/files/etc/init.d/led b/package/base-files/files/etc/init.d/led index 377b9dcf3e..d292e2a8dd 100755 --- a/package/base-files/files/etc/init.d/led +++ b/package/base-files/files/etc/init.d/led @@ -51,6 +51,7 @@ load_led() { local delayon local delayoff local interval + local brightness config_get sysfs $1 sysfs config_get name $1 name "$sysfs" @@ -67,6 +68,7 @@ load_led() { config_get message $1 message "" config_get gpio $1 gpio "0" config_get_bool inverted $1 inverted "0" + config_get brightness $1 brightness [ "$2" ] && [ "$sysfs" != "$2" ] && return @@ -105,7 +107,8 @@ load_led() { echo 0 >/sys/class/leds/${sysfs}/brightness [ $default = 1 ] && - cat /sys/class/leds/${sysfs}/max_brightness > /sys/class/leds/${sysfs}/brightness + [ -z "$brightness" ] && brightness=$(cat /sys/class/leds/${sysfs}/max_brightness) + echo $brightness > /sys/class/leds/${sysfs}/brightness led_color_set "$1" "$sysfs" From bf768867dc0eea6b51d2db90a8f1380cc52529c1 Mon Sep 17 00:00:00 2001 From: "Leon M. Busch-George" Date: Sat, 19 Oct 2024 11:43:23 +0200 Subject: [PATCH 14/35] qmi: sort config variables a little and fix minor bugs Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters. - delegate and sourcefilter were not declared as local variables Signed-off-by: Leon M. Busch-George --- .../utils/uqmi/files/lib/netifd/proto/qmi.sh | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh b/package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh index 8ec577a90b..b08b225104 100755 --- a/package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh +++ b/package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh @@ -34,17 +34,20 @@ proto_qmi_init_config() { proto_qmi_setup() { local interface="$1" - local dataformat connstat plmn_mode mcc mnc - local device apn v6apn auth username password pincode delay modes pdptype - local profile v6profile dhcp dhcpv6 autoconnect plmn timeout mtu $PROTO_DEFAULT_OPTIONS - local ip4table ip6table - local cid_4 pdh_4 cid_6 pdh_6 - local ip_6 ip_prefix_length gateway_6 dns1_6 dns2_6 + + local connstat dataformat mcc mnc plmn_mode + local cid_4 cid_6 pdh_4 pdh_6 + local dns1_6 dns2_6 gateway_6 ip_6 ip_prefix_length local profile_pdptype - json_get_vars device apn v6apn auth username password pincode delay modes - json_get_vars pdptype profile v6profile dhcp dhcpv6 sourcefilter delegate autoconnect plmn ip4table - json_get_vars ip6table timeout mtu $PROTO_DEFAULT_OPTIONS + local delegate ip4table ip6table mtu sourcefilter $PROTO_DEFAULT_OPTIONS + json_get_vars delegate ip4table ip6table mtu sourcefilter $PROTO_DEFAULT_OPTIONS + + local apn auth delay device modes password pdptype pincode username v6apn + json_get_vars apn auth delay device modes password pdptype pincode username v6apn + + local profile v6profile dhcp dhcpv6 autoconnect plmn timeout + json_get_vars profile v6profile dhcp dhcpv6 autoconnect plmn timeout [ "$timeout" = "" ] && timeout="10" From 650410fca4596328d0ec75cefd7e1b202e896a48 Mon Sep 17 00:00:00 2001 From: "Leon M. Busch-George" Date: Sat, 19 Oct 2024 11:52:51 +0200 Subject: [PATCH 15/35] ncm: sort config variables a little and fix minor bugs Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters. - delegate and sourcefilter were not declared as local variables Signed-off-by: Leon M. Busch-George --- package/network/utils/comgt/files/ncm.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/package/network/utils/comgt/files/ncm.sh b/package/network/utils/comgt/files/ncm.sh index e9412b28fe..761dafb24e 100644 --- a/package/network/utils/comgt/files/ncm.sh +++ b/package/network/utils/comgt/files/ncm.sh @@ -28,12 +28,13 @@ proto_ncm_init_config() { proto_ncm_setup() { local interface="$1" - local manufacturer initialize setmode connect finalize devname devpath ifpath + local connect context_type devname devpath finalize ifpath initialize manufacturer setmode - local device ifname apn auth username password pincode delay mode pdptype profile $PROTO_DEFAULT_OPTIONS - json_get_vars device ifname apn auth username password pincode delay mode pdptype sourcefilter delegate profile $PROTO_DEFAULT_OPTIONS + local delegate sourcefilter $PROTO_DEFAULT_OPTIONS + json_get_vars delegate sourcefilter $PROTO_DEFAULT_OPTIONS - local context_type + local apn auth delay device ifname mode password pdptype pincode profile username + json_get_vars apn auth delay device ifname mode password pdptype pincode profile username [ "$metric" = "" ] && metric="0" From 821ebce8c115f8670eb0dd83e45efc2a15d3469f Mon Sep 17 00:00:00 2001 From: "Leon M. Busch-George" Date: Sat, 19 Oct 2024 12:03:08 +0200 Subject: [PATCH 16/35] mbim: sort config variables a little and fix minor bugs Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters. - delegate and sourcefilter were not declared as local variables Signed-off-by: Leon M. Busch-George Link: https://github.com/openwrt/openwrt/pull/16734 Signed-off-by: John Crispin --- .../utils/umbim/files/lib/netifd/proto/mbim.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/package/network/utils/umbim/files/lib/netifd/proto/mbim.sh b/package/network/utils/umbim/files/lib/netifd/proto/mbim.sh index 75b914e8aa..01e8628d74 100755 --- a/package/network/utils/umbim/files/lib/netifd/proto/mbim.sh +++ b/package/network/utils/umbim/files/lib/netifd/proto/mbim.sh @@ -46,10 +46,14 @@ _proto_mbim_setup() { local tid=2 local ret - local device apn pincode delay auth username password allow_roaming allow_partner - local dhcp dhcpv6 pdptype ip4table ip6table mtu $PROTO_DEFAULT_OPTIONS - json_get_vars device apn pincode delay auth username password allow_roaming allow_partner - json_get_vars dhcp dhcpv6 sourcefilter delegate pdptype ip4table ip6table mtu $PROTO_DEFAULT_OPTIONS + local allow_partner allow_roaming apn auth delay device password pincode username + json_get_vars allow_partner allow_roaming apn auth delay device password pincode username + + local dhcp dhcpv6 pdptype + json_get_vars dhcp dhcpv6 pdptype + + local delegate ip4table ip6table mtu sourcefilter $PROTO_DEFAULT_OPTIONS + json_get_vars delegate ip4table ip6table mtu sourcefilter $PROTO_DEFAULT_OPTIONS [ ! -e /proc/sys/net/ipv6 ] && ipv6=0 || json_get_var ipv6 ipv6 From 794291bbdf26ad2be7581fc0c921e4d820937c79 Mon Sep 17 00:00:00 2001 From: David Bentham Date: Tue, 22 Oct 2024 10:46:05 +0100 Subject: [PATCH 17/35] mediatek: add Comfast CF-E395AX support by adding an alternative model name both these devices share the board and same config, just different model number Install instructions are the same as the CF-E393AX commit - https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=d8f4453bf2de9fd9baf3d660ed12e0797ff2cfdb Signed-off-by: David Bentham Link: https://github.com/openwrt/openwrt/pull/16389 Signed-off-by: John Crispin --- target/linux/mediatek/image/filogic.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target/linux/mediatek/image/filogic.mk b/target/linux/mediatek/image/filogic.mk index c1b38403a6..c18873e697 100644 --- a/target/linux/mediatek/image/filogic.mk +++ b/target/linux/mediatek/image/filogic.mk @@ -536,6 +536,8 @@ TARGET_DEVICES += cmcc_rax3000m define Device/comfast_cf-e393ax DEVICE_VENDOR := COMFAST DEVICE_MODEL := CF-E393AX + DEVICE_ALT0_VENDOR := COMFAST + DEVICE_ALT0_MODEL := CF-E395AX DEVICE_DTS := mt7981a-comfast-cf-e393ax DEVICE_DTS_DIR := ../dts DEVICE_DTC_FLAGS := --pad 4096 From 36f309af05241f09b185c6297ef6361316719b50 Mon Sep 17 00:00:00 2001 From: Chuck R Date: Sun, 8 Sep 2024 14:28:06 -0500 Subject: [PATCH 18/35] dnsmasq: pass environment variables to hotplug dnsmasq passes a limited amount of information via DHCP script arguments. Much more information is available through environment variables starting with DNSMASQ_, such as DNSMASQ_INTERFACE. However, when the dhcp-script builds its JSON environment and passes it to hotplug, all of this information is discarded since it is not copied to the JSON environment. Personally, I have a custom-made set of DDNS scripts and rely on environment variables such as DNSMASQ_INTERFACE in order to determine which DNS zones to update. So, not being able to access these variables was detrimental to me. I patched in a quick copy of all DNSMASQ_ variables to the JSON environment so that they can be used in hotplug scripts. In order to do so I also copied /usr/bin/env into dnsmasq's chroot jail. Signed-off-by: Chuck R Link: https://github.com/openwrt/openwrt/pull/16354 Signed-off-by: John Crispin --- package/network/services/dnsmasq/files/dhcp-script.sh | 9 +++++++++ package/network/services/dnsmasq/files/dnsmasq.init | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/package/network/services/dnsmasq/files/dhcp-script.sh b/package/network/services/dnsmasq/files/dhcp-script.sh index 470097bf6b..f0c8b50902 100755 --- a/package/network/services/dnsmasq/files/dhcp-script.sh +++ b/package/network/services/dnsmasq/files/dhcp-script.sh @@ -8,6 +8,15 @@ json_init json_add_array env hotplugobj="" +oldIFS=$IFS +IFS=$'\n' +for var in $(env); do + if [ "${var}" != "${var#DNSMASQ_}" ]; then + json_add_string "" "${var%%=*}=${var#*=}" + fi +done +IFS=$oldIFS + case "$1" in add | del | old | arp-add | arp-del) json_add_string "" "MACADDR=$2" diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index b864ea9069..2e07e13d36 100755 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -20,7 +20,7 @@ BASEDHCPSTAMPFILE="/var/run/dnsmasq" DHCPBOGUSHOSTNAMEFILE="/usr/share/dnsmasq/dhcpbogushostname.conf" RFC6761FILE="/usr/share/dnsmasq/rfc6761.conf" DHCPSCRIPT="/usr/lib/dnsmasq/dhcp-script.sh" -DHCPSCRIPT_DEPENDS="/usr/share/libubox/jshn.sh /usr/bin/jshn /bin/ubus" +DHCPSCRIPT_DEPENDS="/usr/share/libubox/jshn.sh /usr/bin/jshn /bin/ubus /usr/bin/env" DNSMASQ_DHCP_VER=4 From 1f11912138ce8a77cc0e2faa26942133d393b010 Mon Sep 17 00:00:00 2001 From: Markus Gothe Date: Wed, 12 Jan 2022 17:13:43 +0100 Subject: [PATCH 19/35] ccache: Speed up building. - Disable compression for ccache's cached files. - Disable the hashing of the CWD inside debug information. This increases the cache hits drastically. Signed-off-by: Markus Gothe --- rules.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rules.mk b/rules.mk index 54df407fca..9db7c72fa4 100644 --- a/rules.mk +++ b/rules.mk @@ -342,6 +342,8 @@ ifneq ($(CONFIG_CCACHE),) TARGET_CXX:= ccache $(TARGET_CXX) HOSTCC:= ccache $(HOSTCC) HOSTCXX:= ccache $(HOSTCXX) + export CCACHE_NOHASHDIR:=true + export CCACHE_NOCOMPRESS:=true export CCACHE_BASEDIR:=$(TOPDIR) export CCACHE_DIR:=$(if $(call qstrip,$(CONFIG_CCACHE_DIR)),$(call qstrip,$(CONFIG_CCACHE_DIR)),$(TOPDIR)/.ccache) export CCACHE_COMPILERCHECK:=%compiler% -dumpmachine; %compiler% -dumpversion From 3859e8eeb82950d8594f60d40e5ee23fd02207c9 Mon Sep 17 00:00:00 2001 From: Markus Gothe Date: Tue, 7 Feb 2023 22:00:33 +0100 Subject: [PATCH 20/35] rules.mk: Update ccache's compiler check. Update the compiler check for ccache so we don't end up with the wrong binaries. Right now the compiler check will not be able to correctly distinguish the compiler used for build ARMv8 binaries from the one used to build ARMv7 binaries. Signed-off-by: Markus Gothe Link: https://github.com/openwrt/openwrt/pull/16290 Signed-off-by: John Crispin --- rules.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules.mk b/rules.mk index 9db7c72fa4..16d6020e1a 100644 --- a/rules.mk +++ b/rules.mk @@ -346,7 +346,7 @@ ifneq ($(CONFIG_CCACHE),) export CCACHE_NOCOMPRESS:=true export CCACHE_BASEDIR:=$(TOPDIR) export CCACHE_DIR:=$(if $(call qstrip,$(CONFIG_CCACHE_DIR)),$(call qstrip,$(CONFIG_CCACHE_DIR)),$(TOPDIR)/.ccache) - export CCACHE_COMPILERCHECK:=%compiler% -dumpmachine; %compiler% -dumpversion + export CCACHE_COMPILERCHECK:=%compiler% -v -c endif TARGET_CONFIGURE_OPTS = \ From ebf1866d091d5f4994cf104ab248782f90df2c88 Mon Sep 17 00:00:00 2001 From: Mark Mentovai Date: Fri, 26 Jul 2024 23:28:36 -0400 Subject: [PATCH 21/35] .gitattributes: ignore some whitespace "violations" in .patch files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git's default core.whitespace[1] setting doesn't agree with .patch files. This causes whitespace warnings when running `git apply`, (including via `git am`) and causes red highlighting when viewing diffs to .patch files via `git diff` (including via `git show`) when outputting to a terminal. These types of whitespace “violations” will now be explicitly disabled for .patch files in the repository-wide .gitattributes file to prevent git from suggesting that there’s anything wrong with checked-in .patch files. A .patch file will naturally have `space-before-tab` if a context line (not a +/- line) begins with a tab character (as is common in patches to files that use the tab indent convention), and will also naturally have `trailing-space` if a context line is blank (also common). Neither `indent-with-non-tab` nor `tab-in-indent` are enabled in core.whitespace by default, but could also occur naturally in .patch files, and are also explicitly disabled here for completeness to cover cases where they may be enabled in core.whitespace at the global or system level. These false violations may be flagged frequently in OpenWrt, because the repository contains many .patch files. There are currently just over 5,000 .patch files, representing slightly more than half of all files. [1] https://git-scm.com/book/en/v2/Customizing-Git-Git-Configuration#_core_whitespace Link: https://github.com/openwrt/openwrt/pull/16012 Signed-off-by: Mark Mentovai Link: https://github.com/openwrt/openwrt/pull/16015 Signed-off-by: John Crispin --- .gitattributes | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitattributes b/.gitattributes index fa1385d99a..ab4772b9c6 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1,2 @@ * -text +*.patch whitespace=-indent-with-non-tab,-space-before-tab,-tab-in-indent,-trailing-space From d67963943b52bd996368f829d8dea5432de55292 Mon Sep 17 00:00:00 2001 From: Rouven Czerwinski Date: Wed, 17 Jul 2024 21:28:11 +0200 Subject: [PATCH 22/35] ipq40xx: disable SPI DMA for Fritzbox 4040 We have seen hung devices and failures during SPI transactions on Fritzbox devices with a gluon based freifunk network. We have narrowed down that disabling DMA for spi fixes the problem, so disable dma for the SPI controller on the Fritzbox 4040. Signed-off-by: Rouven Czerwinski Link: https://github.com/openwrt/openwrt/pull/15966 Signed-off-by: John Crispin --- .../arch/arm/boot/dts/qcom/qcom-ipq4018-fritzbox-4040.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target/linux/ipq40xx/files-6.6/arch/arm/boot/dts/qcom/qcom-ipq4018-fritzbox-4040.dts b/target/linux/ipq40xx/files-6.6/arch/arm/boot/dts/qcom/qcom-ipq4018-fritzbox-4040.dts index b3617eb45e..bcb3b24232 100644 --- a/target/linux/ipq40xx/files-6.6/arch/arm/boot/dts/qcom/qcom-ipq4018-fritzbox-4040.dts +++ b/target/linux/ipq40xx/files-6.6/arch/arm/boot/dts/qcom/qcom-ipq4018-fritzbox-4040.dts @@ -151,6 +151,8 @@ pinctrl-0 = <&spi_0_pins>; pinctrl-names = "default"; status = "okay"; + /delete-property/ dmas; + /delete-property/ dma-names; cs-gpios = <&tlmm 54 GPIO_ACTIVE_HIGH>; flash@0 { From 06c2d5524c0d162ac2af5e55b03e217fcb882cf7 Mon Sep 17 00:00:00 2001 From: Rodrigo Balerdi Date: Tue, 30 Apr 2024 08:25:57 -0300 Subject: [PATCH 23/35] base-files: fix cleanup after settings restore Some devices use file '/tmp/sysupgrade.tar' during settings restore and this potentially big file was not being cleaned up from RAM afterwards. See: do_mount_root() (base-files/files/lib/preinit/80_mount_root) Signed-off-by: Rodrigo Balerdi Link: https://github.com/openwrt/openwrt/pull/15339 Signed-off-by: John Crispin --- package/base-files/files/etc/init.d/done | 1 + 1 file changed, 1 insertion(+) diff --git a/package/base-files/files/etc/init.d/done b/package/base-files/files/etc/init.d/done index 32d6118df7..77d2721f7d 100755 --- a/package/base-files/files/etc/init.d/done +++ b/package/base-files/files/etc/init.d/done @@ -5,6 +5,7 @@ START=95 boot() { mount_root done rm -f /sysupgrade.tgz && sync + rm -f /tmp/sysupgrade.tar && sync # process user commands [ -f /etc/rc.local ] && { From 5fd86d66c15fc4d6f5076f7d07c91e0690d91531 Mon Sep 17 00:00:00 2001 From: Jonathan Brophy Date: Tue, 10 Sep 2024 21:43:23 +1200 Subject: [PATCH 24/35] kernel: modules: add support for led-group-multicolor This option enables support for monochrome LEDs that are grouped into multicolor LEDs which is useful in the case where LEDs of different colors are physically grouped in a single multi-color LED and driven by a controller that doesn't have multi-color support. Signed-off-by: Jonathan Brophy Link: https://github.com/openwrt/openwrt/pull/16397 Signed-off-by: John Crispin --- package/kernel/linux/modules/leds.mk | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/leds.mk b/package/kernel/linux/modules/leds.mk index 0c42895bb2..f6f74283ee 100644 --- a/package/kernel/linux/modules/leds.mk +++ b/package/kernel/linux/modules/leds.mk @@ -22,6 +22,25 @@ endef $(eval $(call KernelPackage,leds-gpio)) +define KernelPackage/led-group-multicolor + SUBMENU:=$(LEDS_MENU) + TITLE:=LEDs group multi-color support + KCONFIG:= \ + CONFIG_LEDS_CLASS_MULTICOLOR \ + CONFIG_LEDS_GROUP_MULTICOLOR + FILES:=$(LINUX_DIR)/drivers/leds/rgb/leds-group-multicolor.ko + AUTOLOAD:=$(call AutoProbe,led-group-multi-color) +endef + +define KernelPackage/led-group-multi-color/description + This option enables support for monochrome LEDs that are grouped + into multicolor LEDs which is useful in the case where LEDs of + different colors are physically grouped in a single multi-color LED + and driven by a controller that does not have multi-color support. +endef + +$(eval $(call KernelPackage,led-group-multi-color)) + LED_TRIGGER_DIR=$(LINUX_DIR)/drivers/leds/trigger define KernelPackage/ledtrig-activity @@ -313,4 +332,4 @@ define KernelPackage/leds-lp5562/description LED controllers. endef -$(eval $(call KernelPackage,leds-lp5562)) \ No newline at end of file +$(eval $(call KernelPackage,leds-lp5562)) From 1cea889c96a8df4e91236e269539b086d519a60a Mon Sep 17 00:00:00 2001 From: John Crispin Date: Thu, 12 Dec 2024 13:52:43 +0100 Subject: [PATCH 25/35] kernel: modules: fix led-group-multi-color patch Fixes: 5fd86d6 ("kernel: modules: add support for led-group-multicolor") Signed-off-by: John Crispin --- package/kernel/linux/modules/leds.mk | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/package/kernel/linux/modules/leds.mk b/package/kernel/linux/modules/leds.mk index f6f74283ee..6c619b658e 100644 --- a/package/kernel/linux/modules/leds.mk +++ b/package/kernel/linux/modules/leds.mk @@ -22,21 +22,20 @@ endef $(eval $(call KernelPackage,leds-gpio)) -define KernelPackage/led-group-multicolor - SUBMENU:=$(LEDS_MENU) - TITLE:=LEDs group multi-color support - KCONFIG:= \ - CONFIG_LEDS_CLASS_MULTICOLOR \ - CONFIG_LEDS_GROUP_MULTICOLOR - FILES:=$(LINUX_DIR)/drivers/leds/rgb/leds-group-multicolor.ko - AUTOLOAD:=$(call AutoProbe,led-group-multi-color) +define KernelPackage/led-group-multi-color + SUBMENU:=$(LEDS_MENU) + TITLE:=LEDs group multi-color support + KCONFIG:=CONFIG_LEDS_CLASS_MULTICOLOR \ + CONFIG_LEDS_GROUP_MULTICOLOR + FILES:=$(LINUX_DIR)/drivers/leds/rgb/leds-group-multicolor.ko + AUTOLOAD:=$(call AutoProbe,led-group-multi-color) endef define KernelPackage/led-group-multi-color/description - This option enables support for monochrome LEDs that are grouped - into multicolor LEDs which is useful in the case where LEDs of - different colors are physically grouped in a single multi-color LED - and driven by a controller that does not have multi-color support. + This option enables support for monochrome LEDs that are grouped + into multicolor LEDs which is useful in the case where LEDs of + different colors are physically grouped in a single multi-color LED + and driven by a controller that does not have multi-color support. endef $(eval $(call KernelPackage,led-group-multi-color)) From 1375a7bae0d5e8dddb6b6cfe0584a399cd6c20b4 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Thu, 12 Dec 2024 15:43:35 +0100 Subject: [PATCH 26/35] Revert "kernel: modules: fix led-group-multi-color patch" This reverts commit 1cea889c96a8df4e91236e269539b086d519a60a. This reverts commit 5fd86d66c15fc4d6f5076f7d07c91e0690d91531. The patch is causing build servers to fail. Revert it for now. Signed-off-by: John Crispin --- package/kernel/linux/modules/leds.mk | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/package/kernel/linux/modules/leds.mk b/package/kernel/linux/modules/leds.mk index 6c619b658e..0c42895bb2 100644 --- a/package/kernel/linux/modules/leds.mk +++ b/package/kernel/linux/modules/leds.mk @@ -22,24 +22,6 @@ endef $(eval $(call KernelPackage,leds-gpio)) -define KernelPackage/led-group-multi-color - SUBMENU:=$(LEDS_MENU) - TITLE:=LEDs group multi-color support - KCONFIG:=CONFIG_LEDS_CLASS_MULTICOLOR \ - CONFIG_LEDS_GROUP_MULTICOLOR - FILES:=$(LINUX_DIR)/drivers/leds/rgb/leds-group-multicolor.ko - AUTOLOAD:=$(call AutoProbe,led-group-multi-color) -endef - -define KernelPackage/led-group-multi-color/description - This option enables support for monochrome LEDs that are grouped - into multicolor LEDs which is useful in the case where LEDs of - different colors are physically grouped in a single multi-color LED - and driven by a controller that does not have multi-color support. -endef - -$(eval $(call KernelPackage,led-group-multi-color)) - LED_TRIGGER_DIR=$(LINUX_DIR)/drivers/leds/trigger define KernelPackage/ledtrig-activity @@ -331,4 +313,4 @@ define KernelPackage/leds-lp5562/description LED controllers. endef -$(eval $(call KernelPackage,leds-lp5562)) +$(eval $(call KernelPackage,leds-lp5562)) \ No newline at end of file From 1be18c6daad83bc4198dc7aefd9979b7fe8fbfd4 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Thu, 12 Dec 2024 16:36:50 +0100 Subject: [PATCH 27/35] wifi-scripts: fix failing mesh setup with missing wpa_supplicant The initialization of mesh interfaces currently fail when wpa_supplicant is not installed. This is due to the script calling the wpa_supplicant feature indicator without verifying wpa_supplicant is installed at all. To avoid failing, first check if wpa_supplicant is installed before determining the available featureset. Signed-off-by: David Bauer --- .../config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh index c835b46e75..1fb3edf055 100755 --- a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh @@ -1023,7 +1023,7 @@ mac80211_setup_vif() { json_get_vars $MP_CONFIG_INT $MP_CONFIG_BOOL $MP_CONFIG_STRING wireless_vif_parse_encryption [ -z "$htmode" ] && htmode="NOHT"; - if wpa_supplicant -vmesh; then + if [ -x /usr/sbin/wpa_supplicant ] && wpa_supplicant -vmesh; then mac80211_setup_supplicant || failed=1 else mac80211_setup_mesh From 00860e485b2ef82c1fafc8e011f3a8965e317bca Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 9 Dec 2024 20:09:15 +0100 Subject: [PATCH 28/35] wifi-scripts: add macaddr_base wifi-device option This can be used to configure the base mac address from which all interface mac addresses are derived Signed-off-by: Felix Fietkau --- .../files-ucode/lib/netifd/wireless/mac80211.sh | 2 +- .../usr/share/schema/wireless.wifi-device.json | 4 ++++ .../files-ucode/usr/share/ucode/wifi/hostapd.uc | 2 ++ .../files-ucode/usr/share/ucode/wifi/iface.uc | 4 ++-- .../files-ucode/usr/share/ucode/wifi/supplicant.uc | 2 ++ .../files/lib/netifd/wireless/mac80211.sh | 9 ++++++--- .../wifi-scripts/files/usr/share/hostap/common.uc | 4 +++- package/network/services/hostapd/files/hostapd.uc | 3 +++ .../network/services/hostapd/files/wpa_supplicant.uc | 11 ++++++++--- 9 files changed, 31 insertions(+), 10 deletions(-) diff --git a/package/network/config/wifi-scripts/files-ucode/lib/netifd/wireless/mac80211.sh b/package/network/config/wifi-scripts/files-ucode/lib/netifd/wireless/mac80211.sh index cfd7424061..93ab404d57 100755 --- a/package/network/config/wifi-scripts/files-ucode/lib/netifd/wireless/mac80211.sh +++ b/package/network/config/wifi-scripts/files-ucode/lib/netifd/wireless/mac80211.sh @@ -302,7 +302,7 @@ function setup() { if (mode != "ap") data.config.noscan = true; validate('iface', v.config); - iface.prepare(v.config, data.phy + data.phy_suffix, data.config.num_global_macaddr); + iface.prepare(v.config, data.phy + data.phy_suffix, data.config.num_global_macaddr, data.config.macaddr_base); netifd.set_vif(k, v.config.ifname); break; } diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/schema/wireless.wifi-device.json b/package/network/config/wifi-scripts/files-ucode/usr/share/schema/wireless.wifi-device.json index 77b7adada8..4354b4f816 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/schema/wireless.wifi-device.json +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/schema/wireless.wifi-device.json @@ -490,6 +490,10 @@ "type": "alias", "default": "bssid" }, + "macaddr_base": { + "type": "string", + "description": "Base MAC address used for deriving interface MAC addresses" + }, "max_amsdu": { "description": "Maximum A-MSDU length of 7935 octects (3839 octets if option set to 0)", "type": "boolean", diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc index c7baa8d85b..f95f01e846 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc @@ -544,6 +544,8 @@ export function setup(data) { if (data.config.num_global_macaddr) append('\n#num_global_macaddr', data.config.num_global_macaddr); + if (data.config.macaddr_base) + append('\n#macaddr_base', data.config.macaddr_base); for (let k, interface in data.interfaces) { if (interface.config.mode != 'ap') diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc index daddb801ef..ed9b2625bb 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc @@ -178,9 +178,9 @@ function macaddr_random() { } let mac_idx = 0; -export function prepare(data, phy, num_global_macaddr) { +export function prepare(data, phy, num_global_macaddr, macaddr_base) { if (!data.macaddr) { - let pipe = fs.popen(`ucode /usr/share/hostap/wdev.uc ${phy} get_macaddr id=${mac_idx} num_global=${num_global_macaddr} mbssid=${data.mbssid ?? 0}`); + let pipe = fs.popen(`ucode /usr/share/hostap/wdev.uc ${phy} get_macaddr id=${mac_idx} num_global=${num_global_macaddr} mbssid=${data.mbssid ?? 0} macaddr_base=${macaddr_base}`); data.macaddr = trim(pipe.read("all"), '\n'); pipe.close(); diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc index 0519e58177..c7bfeb6b9a 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc @@ -221,6 +221,7 @@ export function setup(config, data) { config, defer: true, num_global_macaddr: data.config.num_global_macaddr, + macaddr_base: data.config.macaddr_base, }); if (ret) @@ -235,5 +236,6 @@ export function start(data) { phy: data.phy, radio: data.config.radio, num_global_macaddr: data.config.num_global_macaddr, + macaddr_base: data.config.macaddr_base, }); }; diff --git a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh index 1fb3edf055..5d9bf8ee09 100755 --- a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh @@ -30,6 +30,7 @@ drv_mac80211_init_device_config() { config_add_string tx_burst config_add_string distance config_add_string ifname_prefix + config_add_string macaddr_base config_add_int radio beacon_int chanbw frag rts config_add_int rxantenna txantenna txpower min_tx_power config_add_int num_global_macaddr multiple_bssid @@ -530,6 +531,7 @@ ${hostapd_noscan:+noscan=1} ${tx_burst:+tx_queue_data2_burst=$tx_burst} ${multiple_bssid:+mbssid=$multiple_bssid} #num_global_macaddr=$num_global_macaddr +#macaddr_base=$macaddr_base $base_cfg EOF @@ -577,7 +579,7 @@ mac80211_generate_mac() { local phy="$1" local id="${macidx:-0}" - wdev_tool "$phy$phy_suffix" get_macaddr id=$id num_global=$num_global_macaddr mbssid=${multiple_bssid:-0} + wdev_tool "$phy$phy_suffix" get_macaddr id=$id num_global=$num_global_macaddr mbssid=${multiple_bssid:-0} macaddr_base=${macaddr_base} } get_board_phy_name() ( @@ -939,6 +941,7 @@ wpa_supplicant_set_config() { json_add_string phy "$phy" json_add_int radio "$radio" json_add_int num_global_macaddr "$num_global_macaddr" + json_add_string macaddr_base "$macaddr_base" json_add_boolean defer 1 local data="$(json_dump)" @@ -985,7 +988,7 @@ wpa_supplicant_start() { [ -n "$wpa_supp_init" ] || return 0 - ubus_call wpa_supplicant config_set '{ "phy": "'"$phy"'", "radio": '"$radio"', "num_global_macaddr": '"$num_global_macaddr"' }' > /dev/null + ubus_call wpa_supplicant config_set '{ "phy": "'"$phy"'", "radio": '"$radio"', "num_global_macaddr": '"$num_global_macaddr"', "macaddr_base": "'"$macaddr_base"'" }' > /dev/null } mac80211_setup_supplicant() { @@ -1112,7 +1115,7 @@ drv_mac80211_setup() { rxantenna txantenna \ frag rts beacon_int:100 htmode \ num_global_macaddr:1 multiple_bssid \ - ifname_prefix + ifname_prefix macaddr_base json_get_values basic_rate_list basic_rate json_get_values scan_list scan_list json_select .. diff --git a/package/network/config/wifi-scripts/files/usr/share/hostap/common.uc b/package/network/config/wifi-scripts/files/usr/share/hostap/common.uc index c6bfb62ef3..fd28b66472 100644 --- a/package/network/config/wifi-scripts/files/usr/share/hostap/common.uc +++ b/package/network/config/wifi-scripts/files/usr/share/hostap/common.uc @@ -213,7 +213,9 @@ const phy_proto = { if (!base_mask) return null; - if (base_mask == "00:00:00:00:00:00" && + if (data.macaddr_base) + base_addr = data.macaddr_base; + else if (base_mask == "00:00:00:00:00:00" && (radio_idx > 0 || idx >= num_global)) { let addrs = split(phy_sysfs_file(phy, "addresses"), "\n"); diff --git a/package/network/services/hostapd/files/hostapd.uc b/package/network/services/hostapd/files/hostapd.uc index 1593feef6b..053f08cb96 100644 --- a/package/network/services/hostapd/files/hostapd.uc +++ b/package/network/services/hostapd/files/hostapd.uc @@ -280,6 +280,7 @@ function iface_macaddr_init(phydev, config, macaddr_list) { let macaddr_data = { num_global: config.num_global_macaddr ?? 1, + macaddr_base: config.macaddr_base, mbssid: config.mbssid ?? 0, }; @@ -750,6 +751,8 @@ function iface_load_config(phy, radio, filename) if (val[0] == "#num_global_macaddr") config[substr(val[0], 1)] = int(val[1]); + else if (val[0] == "#macaddr_base") + config[substr(val[0], 1)] = val[1]; else if (val[0] == "mbssid") config[val[0]] = int(val[1]); diff --git a/package/network/services/hostapd/files/wpa_supplicant.uc b/package/network/services/hostapd/files/wpa_supplicant.uc index fbea27628e..f288121e9d 100644 --- a/package/network/services/hostapd/files/wpa_supplicant.uc +++ b/package/network/services/hostapd/files/wpa_supplicant.uc @@ -68,7 +68,7 @@ function prepare_config(config, radio) return { config }; } -function set_config(config_name, phy_name, radio, num_global_macaddr, config_list) +function set_config(config_name, phy_name, radio, num_global_macaddr, macaddr_base, config_list) { let phy = wpas.data.config[config_name]; @@ -83,6 +83,7 @@ function set_config(config_name, phy_name, radio, num_global_macaddr, config_lis phy.radio = radio; phy.num_global_macaddr = num_global_macaddr; + phy.macaddr_base = macaddr_base; let values = []; for (let config in config_list) @@ -106,7 +107,10 @@ function start_pending(phy_name) } let macaddr_list = wpas.data.macaddr_list[phy_name]; - phydev.macaddr_init(macaddr_list, { num_global: phy.num_global_macaddr }); + phydev.macaddr_init(macaddr_list, { + num_global: phy.num_global_macaddr, + macaddr_base: phy.macaddr_base, + }); for (let ifname in phy.data) iface_start(phydev, phy.data[ifname]); @@ -210,6 +214,7 @@ let main_obj = { phy: "", radio: 0, num_global_macaddr: 0, + macaddr_base: "", config: [], defer: true, }, @@ -221,7 +226,7 @@ let main_obj = { wpas.printf(`Set new config for phy ${phy}`); try { if (req.args.config) - set_config(phy, req.args.phy, req.args.radio, req.args.num_global_macaddr, req.args.config); + set_config(phy, req.args.phy, req.args.radio, req.args.num_global_macaddr, req.args.macaddr_base, req.args.config); if (!req.args.defer) start_pending(phy); From 97c8a94ec509407105db1b942ae5b8ab92252480 Mon Sep 17 00:00:00 2001 From: Sybil127 Date: Thu, 23 May 2024 17:43:07 +0200 Subject: [PATCH 29/35] wifi-scripts: introduce rxkh_file uci option With rxkh_file, hostapd will read a list of RxKHs from a text file. This also makes it possible for hostapd to dynamically reload RxKHs. RxKHs defined in rxkh_file should be formated as described in hostapd.conf, with one entry per line. R0KH/R1KH format: r0kh= <256-bit key as hex string> r1kh= <256-bit key as hex string> Reworked behavior of the uci options r0kh and r1kh. When rxkh_file is not configured: Instead of appending the RxKHs to the hostapd bss configuration. They will be added to a interface specific file with name /var/run/hostapd-phyX-apX.rxkh. This file will be used as the rxkh_file in the hostapd bss configuration. When rxkh_file is configured: The specified file will be used in the hostapd bss configuration, and will be the only source for configured RxKHs. All RxKHs defined with the uci options r0kh or r1kh will be ignored. Signed-off-by: Sybil127 Signed-off-by: Felix Fietkau --- .../wifi-scripts/files/lib/netifd/hostapd.sh | 26 ++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh index 0b2241ea60..3285ee4312 100644 --- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh @@ -335,7 +335,7 @@ hostapd_common_add_bss_config() { config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds config_add_int r0_key_lifetime reassociation_deadline - config_add_string mobility_domain r1_key_holder + config_add_string mobility_domain r1_key_holder rxkh_file config_add_array r0kh r1kh config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout @@ -592,7 +592,7 @@ hostapd_set_bss_options() { wireless_vif_parse_encryption - local bss_conf bss_md5sum ft_key + local bss_conf bss_md5sum ft_key rxkhs local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt json_get_vars \ @@ -981,7 +981,7 @@ hostapd_set_bss_options() { append bss_conf "reassociation_deadline=$reassociation_deadline" "$N" if [ "$ft_psk_generate_local" -eq "0" ]; then - json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push + json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push rxkh_file json_get_values r0kh r0kh json_get_values r1kh r1kh @@ -1003,12 +1003,20 @@ hostapd_set_bss_options() { append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N" append bss_conf "pmk_r1_push=$pmk_r1_push" "$N" - for kh in $r0kh; do - append bss_conf "r0kh=${kh//,/ }" "$N" - done - for kh in $r1kh; do - append bss_conf "r1kh=${kh//,/ }" "$N" - done + if [ -z "$rxkh_file" ]; then + set_default rxkh_file /var/run/hostapd-$ifname.rxkh + [ -e "$rxkh_file" ] && rm -f "$rxkh_file" + touch "$rxkh_file" + + for kh in $r0kh; do + append rxkhs "r0kh=${kh//,/ }" "$N" + done + for kh in $r1kh; do + append rxkhs "r1kh=${kh//,/ }" "$N" + done + echo "$rxkhs" > "$rxkh_file" + fi + append bss_conf "rxkh_file=$rxkh_file" "$N" fi fi From 7306ae401cc2cf84210fb74f37aa17049bce2e9f Mon Sep 17 00:00:00 2001 From: Sybil127 Date: Thu, 23 May 2024 18:49:54 +0200 Subject: [PATCH 30/35] hostapd: add support for rxkh_file Initial support for dynamic reload of RxKHs. In order to check if RxKHs need reloading. RxKHs defined in the rxkh_file first has to be parsed and formated, the same way as hostapd will read from the file and also output, with the command GET_RXKHS. Then each list of RxKHs can be hashed and compared. Ucode implementation of hostapds rkh_derive_key() function. Hostapd converts hex keys with 128-bits or more when less than 256-bits to 256-bits, and truncates those that are more than 256-bits. See: https://w1.fi/cgit/hostap/commit/hostapd/config_file.c?id=245fc96e5f4b1c566b7eaa19180c774307ebed79 Signed-off-by: Sybil127 Signed-off-by: Felix Fietkau --- .../network/services/hostapd/files/hostapd.uc | 69 ++++++++++++++++++- .../services/hostapd/src/src/ap/ucode.c | 1 + .../services/hostapd/src/src/utils/ucode.c | 35 ++++++++++ .../services/hostapd/src/src/utils/ucode.h | 1 + 4 files changed, 104 insertions(+), 2 deletions(-) diff --git a/package/network/services/hostapd/files/hostapd.uc b/package/network/services/hostapd/files/hostapd.uc index 053f08cb96..e345a678f4 100644 --- a/package/network/services/hostapd/files/hostapd.uc +++ b/package/network/services/hostapd/files/hostapd.uc @@ -11,6 +11,7 @@ hostapd.data.file_fields = { vlan_file: true, wpa_psk_file: true, sae_password_file: true, + rxkh_file: true, accept_mac_file: true, deny_mac_file: true, eap_user_file: true, @@ -351,6 +352,64 @@ function bss_reload_psk(bss, config, old_config) hostapd.printf(`Reload WPA PSK file for bss ${config.ifname}: ${ret}`); } +function normalize_rxkhs(txt) +{ + const pat = { + sep: "\x20", + mac: "([[:xdigit:]]{2}:?){5}[[:xdigit:]]{2}", + r0kh_id: "[\x21-\x7e]{1,48}", + r1kh_id: "([[:xdigit:]]{2}:?){5}[[:xdigit:]]{2}", + key: "[[:xdigit:]]{32,}", + r0kh: function() { + return "r0kh=" + this.mac + this.sep + this.r0kh_id; + }, + r1kh: function() { + return "r1kh=" + this.mac + this.sep + this.r1kh_id; + }, + rxkh: function() { + return "(" + this.r0kh() + "|" + this.r1kh() + ")" + this.sep + this.key; + }, + }; + + let rxkhs = filter( + split(txt, "\n"), (line) => match(line, regexp("^" + pat.rxkh() + "$")) + ) ?? []; + + rxkhs = map(rxkhs, function(k) { + k = split(k, " ", 3); + k[0] = lc(k[0]); + if(match(k[0], /^r1kh/)) { + k[1] = lc(k[1]); + } + if(!k[2] = hostapd.rkh_derive_key(k[2])) { + return; + } + return join(" ", k); + }); + + return join("\n", sort(filter(rxkhs, length))); +} + +function bss_reload_rxkhs(bss, config, old_config) +{ + let bss_rxkhs = join("\n", sort(split(bss.ctrl("GET_RXKHS"), "\n"))); + let bss_rxkhs_hash = hostapd.sha1(bss_rxkhs); + + if (is_equal(config.hash.rxkh_file, bss_rxkhs_hash)) { + if (is_equal(old_config.hash.rxkh_file, config.hash.rxkh_file)) + return; + } + + old_config.hash.rxkh_file = config.hash.rxkh_file; + if (!is_equal(old_config, config)) + return; + + let ret = bss.ctrl("RELOAD_RXKHS"); + ret ??= "failed"; + + hostapd.printf(`Reload RxKH file for bss ${config.ifname}: ${ret}`); +} + function remove_file_fields(config) { return filter(config, (line) => !hostapd.data.file_fields[split(line, "=")[0]]); @@ -652,6 +711,7 @@ function iface_reload_config(name, phydev, config, old_config) } bss_reload_psk(bss, config.bss[i], bss_list_cfg[i]); + bss_reload_rxkhs(bss, config.bss[i], bss_list_cfg[i]); if (is_equal(config.bss[i], bss_list_cfg[i])) continue; @@ -780,8 +840,13 @@ function iface_load_config(phy, radio, filename) continue; } - if (hostapd.data.file_fields[val[0]]) - bss.hash[val[0]] = hostapd.sha1(readfile(val[1])); + if (hostapd.data.file_fields[val[0]]) { + if (val[0] == "rxkh_file") { + bss.hash[val[0]] = hostapd.sha1(normalize_rxkhs(readfile(val[1]))); + } else { + bss.hash[val[0]] = hostapd.sha1(readfile(val[1])); + } + } push(bss.data, line); } diff --git a/package/network/services/hostapd/src/src/ap/ucode.c b/package/network/services/hostapd/src/src/ap/ucode.c index 2da2b4dc93..adc7c41914 100644 --- a/package/network/services/hostapd/src/src/ap/ucode.c +++ b/package/network/services/hostapd/src/src/ap/ucode.c @@ -823,6 +823,7 @@ int hostapd_ucode_init(struct hapd_interfaces *ifaces) { "printf", uc_wpa_printf }, { "getpid", uc_wpa_getpid }, { "sha1", uc_wpa_sha1 }, + { "rkh_derive_key", uc_wpa_rkh_derive_key }, { "freq_info", uc_wpa_freq_info }, { "add_iface", uc_hostapd_add_iface }, { "remove_iface", uc_hostapd_remove_iface }, diff --git a/package/network/services/hostapd/src/src/utils/ucode.c b/package/network/services/hostapd/src/src/utils/ucode.c index 29c753c326..50b87982ce 100644 --- a/package/network/services/hostapd/src/src/utils/ucode.c +++ b/package/network/services/hostapd/src/src/utils/ucode.c @@ -3,6 +3,7 @@ #include "utils/eloop.h" #include "crypto/crypto.h" #include "crypto/sha1.h" +#include "crypto/sha256.h" #include "common/ieee802_11_common.h" #include #include @@ -236,6 +237,40 @@ uc_value_t *uc_wpa_sha1(uc_vm_t *vm, size_t nargs) return ucv_string_new_length(hash_hex, 2 * ARRAY_SIZE(hash)); } +uc_value_t *uc_wpa_rkh_derive_key(uc_vm_t *vm, size_t nargs) +{ + u8 oldkey[16]; + char *oldkey_hex; + u8 key[SHA256_MAC_LEN]; + size_t key_len = sizeof(key); + char key_hex[2 * ARRAY_SIZE(key) + 1]; + uc_value_t *val = uc_fn_arg(0); + int i; + + if (ucv_type(val) != UC_STRING) + return NULL; + + oldkey_hex = ucv_string_get(val); + + if (!hexstr2bin(oldkey_hex, key, key_len)) + return ucv_string_new_length(oldkey_hex, 2 * ARRAY_SIZE(key)); + + if (hexstr2bin(oldkey_hex, oldkey, sizeof(oldkey))) { + wpa_printf(MSG_ERROR, "Invalid RxKH key: '%s'", oldkey_hex); + return NULL; + } + + if (hmac_sha256_kdf(oldkey, sizeof(oldkey), "FT OLDKEY", NULL, 0, key, key_len) < 0) { + wpa_printf(MSG_ERROR, "Invalid RxKH key: '%s'", oldkey_hex); + return NULL; + } + + for (i = 0; i < ARRAY_SIZE(key); i++) + sprintf(key_hex + 2 * i, "%02x", key[i]); + + return ucv_string_new_length(key_hex, 2 * ARRAY_SIZE(key)); +} + uc_vm_t *wpa_ucode_create_vm(void) { static uc_parse_config_t config = { diff --git a/package/network/services/hostapd/src/src/utils/ucode.h b/package/network/services/hostapd/src/src/utils/ucode.h index c083241e07..a273c19b7b 100644 --- a/package/network/services/hostapd/src/src/utils/ucode.h +++ b/package/network/services/hostapd/src/src/utils/ucode.h @@ -25,6 +25,7 @@ uc_value_t *uc_wpa_udebug_set(uc_vm_t *vm, size_t nargs); uc_value_t *uc_wpa_printf(uc_vm_t *vm, size_t nargs); uc_value_t *uc_wpa_getpid(uc_vm_t *vm, size_t nargs); uc_value_t *uc_wpa_sha1(uc_vm_t *vm, size_t nargs); +uc_value_t *uc_wpa_rkh_derive_key(uc_vm_t *vm, size_t nargs); uc_value_t *uc_wpa_freq_info(uc_vm_t *vm, size_t nargs); #endif From 4a083833399077f54e8ff40a49d688d4c5c9e762 Mon Sep 17 00:00:00 2001 From: Jiale Liu Date: Mon, 15 Apr 2024 00:27:49 +0800 Subject: [PATCH 31/35] base-files: fix luci TZ default show zonename fix default timezone to correct GMT0, origin value 'UTC' is zonename, not timezone. Signed-off-by: Jiale Liu Link: https://github.com/openwrt/openwrt/pull/15128 Signed-off-by: John Crispin --- package/base-files/files/bin/config_generate | 3 ++- package/base-files/files/etc/init.d/system | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/package/base-files/files/bin/config_generate b/package/base-files/files/bin/config_generate index ca40a62cd4..fecf82fcaa 100755 --- a/package/base-files/files/bin/config_generate +++ b/package/base-files/files/bin/config_generate @@ -312,7 +312,8 @@ generate_static_system() { delete system.@system[0] add system system set system.@system[-1].hostname='OpenWrt' - set system.@system[-1].timezone='UTC' + set system.@system[-1].timezone='GMT0' + set system.@system[-1].zonename='UTC' set system.@system[-1].ttylogin='0' set system.@system[-1].log_size='128' set system.@system[-1].urandom_seed='0' diff --git a/package/base-files/files/etc/init.d/system b/package/base-files/files/etc/init.d/system index dcfc2616c6..cff2d87072 100755 --- a/package/base-files/files/etc/init.d/system +++ b/package/base-files/files/etc/init.d/system @@ -9,8 +9,8 @@ validate_system_section() { 'hostname:string:OpenWrt' \ 'conloglevel:uinteger' \ 'buffersize:uinteger' \ - 'timezone:string:UTC' \ - 'zonename:string' + 'timezone:string:GMT0' \ + 'zonename:string:UTC' } system_config() { From 3bd2cee9bf85f01732e05e0c8fb070fb18c74095 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 3 Dec 2024 13:37:21 -0800 Subject: [PATCH 32/35] ipq40xx: use PHY to control USB GPIO Instead of using regulator-output to manually control USB GPIO, let the PHY handle it. Signed-off-by: Rosen Penev Link: https://github.com/openwrt/openwrt/pull/17221 Signed-off-by: John Crispin --- .../arch/arm/boot/dts/qcom/qcom-ipq4019-wia3300-20.dts | 7 ++----- target/linux/ipq40xx/generic/config-default | 1 - 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/target/linux/ipq40xx/files-6.6/arch/arm/boot/dts/qcom/qcom-ipq4019-wia3300-20.dts b/target/linux/ipq40xx/files-6.6/arch/arm/boot/dts/qcom/qcom-ipq4019-wia3300-20.dts index 644329419d..85ad382223 100644 --- a/target/linux/ipq40xx/files-6.6/arch/arm/boot/dts/qcom/qcom-ipq4019-wia3300-20.dts +++ b/target/linux/ipq40xx/files-6.6/arch/arm/boot/dts/qcom/qcom-ipq4019-wia3300-20.dts @@ -68,11 +68,6 @@ }; }; - output-usb-power { - compatible = "regulator-output"; - vout-supply = <®_usb>; - }; - reg_usb: regulator-usb { compatible = "regulator-fixed"; @@ -419,6 +414,8 @@ &usb2_hs_phy { status = "okay"; + + phy-supply = <®_usb>; }; &watchdog { diff --git a/target/linux/ipq40xx/generic/config-default b/target/linux/ipq40xx/generic/config-default index 4999ad3622..bd9876a0b6 100644 --- a/target/linux/ipq40xx/generic/config-default +++ b/target/linux/ipq40xx/generic/config-default @@ -3,5 +3,4 @@ CONFIG_MTD_UBI_BEB_LIMIT=20 CONFIG_MTD_UBI_BLOCK=y CONFIG_MTD_UBI_NVMEM=y CONFIG_MTD_UBI_WL_THRESHOLD=4096 -CONFIG_REGULATOR_USERSPACE_CONSUMER=y CONFIG_UBIFS_FS=y From a2f0cd35ac1d15e69f4897b35c049e175dd06825 Mon Sep 17 00:00:00 2001 From: Andreas Gnau Date: Tue, 28 Feb 2023 16:54:57 +0530 Subject: [PATCH 33/35] dropbear: Name pid file by uci section name Name the pidfile of each dropbear instance according to the corresponding uci section name. This enables a 1:1 mapping between the definition of the service instance and its process. Signed-off-by: Andreas Gnau Link: https://github.com/openwrt/openwrt/pull/15177 Signed-off-by: John Crispin --- package/network/services/dropbear/files/dropbear.init | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init index 395237f9bc..11e89340db 100755 --- a/package/network/services/dropbear/files/dropbear.init +++ b/package/network/services/dropbear/files/dropbear.init @@ -8,7 +8,6 @@ STOP=50 USE_PROCD=1 PROG=/usr/sbin/dropbear NAME=dropbear -PIDCOUNT=0 extra_command "killclients" "Kill ${NAME} processes except servers and yourself" @@ -298,8 +297,7 @@ dropbear_instance() break done - PIDCOUNT="$(( ${PIDCOUNT} + 1))" - local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid" + local pid_file="/var/run/${NAME}.${1}.pid" procd_open_instance procd_set_param command "$PROG" -F -P "$pid_file" From b6c7d8a0d60fddd162c77371e2500f485339e2c7 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 13 Dec 2024 10:56:50 +0100 Subject: [PATCH 34/35] wifi-scripts: fix mesh/sta setup with ucode scripts Ensure that the code doesn't pass macaddr_base with the wrong type (null) to the supplicant setup/start call. Signed-off-by: Felix Fietkau --- .../files-ucode/usr/share/ucode/wifi/supplicant.uc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc index c7bfeb6b9a..2942767f0b 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc @@ -221,7 +221,7 @@ export function setup(config, data) { config, defer: true, num_global_macaddr: data.config.num_global_macaddr, - macaddr_base: data.config.macaddr_base, + macaddr_base: data.config.macaddr_base ?? "", }); if (ret) @@ -236,6 +236,6 @@ export function start(data) { phy: data.phy, radio: data.config.radio, num_global_macaddr: data.config.num_global_macaddr, - macaddr_base: data.config.macaddr_base, + macaddr_base: data.config.macaddr_base ?? "", }); }; From 225b84d5832ddcc35ebc73e7cea34e9846cfa6f5 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 13 Dec 2024 11:04:04 +0100 Subject: [PATCH 35/35] hostapd: fix building mini variants Move function and add ifdef to avoid undefined reference to hmac_sha256_kdf. Signed-off-by: Felix Fietkau --- .../services/hostapd/src/src/ap/ucode.c | 39 +++++++++++++++++++ .../services/hostapd/src/src/utils/ucode.c | 34 ---------------- .../services/hostapd/src/src/utils/ucode.h | 1 - 3 files changed, 39 insertions(+), 35 deletions(-) diff --git a/package/network/services/hostapd/src/src/ap/ucode.c b/package/network/services/hostapd/src/src/ap/ucode.c index adc7c41914..e496b8b7aa 100644 --- a/package/network/services/hostapd/src/src/ap/ucode.c +++ b/package/network/services/hostapd/src/src/ap/ucode.c @@ -817,6 +817,45 @@ out: ucv_put(val); } +static uc_value_t * +uc_wpa_rkh_derive_key(uc_vm_t *vm, size_t nargs) +{ +#ifdef CONFIG_IEEE80211R_AP + u8 oldkey[16]; + char *oldkey_hex; + u8 key[SHA256_MAC_LEN]; + size_t key_len = sizeof(key); + char key_hex[2 * ARRAY_SIZE(key) + 1]; + uc_value_t *val = uc_fn_arg(0); + int i; + + if (ucv_type(val) != UC_STRING) + return NULL; + + oldkey_hex = ucv_string_get(val); + + if (!hexstr2bin(oldkey_hex, key, key_len)) + return ucv_string_new_length(oldkey_hex, 2 * ARRAY_SIZE(key)); + + if (hexstr2bin(oldkey_hex, oldkey, sizeof(oldkey))) { + wpa_printf(MSG_ERROR, "Invalid RxKH key: '%s'", oldkey_hex); + return NULL; + } + + if (hmac_sha256_kdf(oldkey, sizeof(oldkey), "FT OLDKEY", NULL, 0, key, key_len) < 0) { + wpa_printf(MSG_ERROR, "Invalid RxKH key: '%s'", oldkey_hex); + return NULL; + } + + for (i = 0; i < ARRAY_SIZE(key); i++) + sprintf(key_hex + 2 * i, "%02x", key[i]); + + return ucv_string_new_length(key_hex, 2 * ARRAY_SIZE(key)); +#else + return NULL; +#endif +} + int hostapd_ucode_init(struct hapd_interfaces *ifaces) { static const uc_function_list_t global_fns[] = { diff --git a/package/network/services/hostapd/src/src/utils/ucode.c b/package/network/services/hostapd/src/src/utils/ucode.c index 50b87982ce..a1762844b5 100644 --- a/package/network/services/hostapd/src/src/utils/ucode.c +++ b/package/network/services/hostapd/src/src/utils/ucode.c @@ -237,40 +237,6 @@ uc_value_t *uc_wpa_sha1(uc_vm_t *vm, size_t nargs) return ucv_string_new_length(hash_hex, 2 * ARRAY_SIZE(hash)); } -uc_value_t *uc_wpa_rkh_derive_key(uc_vm_t *vm, size_t nargs) -{ - u8 oldkey[16]; - char *oldkey_hex; - u8 key[SHA256_MAC_LEN]; - size_t key_len = sizeof(key); - char key_hex[2 * ARRAY_SIZE(key) + 1]; - uc_value_t *val = uc_fn_arg(0); - int i; - - if (ucv_type(val) != UC_STRING) - return NULL; - - oldkey_hex = ucv_string_get(val); - - if (!hexstr2bin(oldkey_hex, key, key_len)) - return ucv_string_new_length(oldkey_hex, 2 * ARRAY_SIZE(key)); - - if (hexstr2bin(oldkey_hex, oldkey, sizeof(oldkey))) { - wpa_printf(MSG_ERROR, "Invalid RxKH key: '%s'", oldkey_hex); - return NULL; - } - - if (hmac_sha256_kdf(oldkey, sizeof(oldkey), "FT OLDKEY", NULL, 0, key, key_len) < 0) { - wpa_printf(MSG_ERROR, "Invalid RxKH key: '%s'", oldkey_hex); - return NULL; - } - - for (i = 0; i < ARRAY_SIZE(key); i++) - sprintf(key_hex + 2 * i, "%02x", key[i]); - - return ucv_string_new_length(key_hex, 2 * ARRAY_SIZE(key)); -} - uc_vm_t *wpa_ucode_create_vm(void) { static uc_parse_config_t config = { diff --git a/package/network/services/hostapd/src/src/utils/ucode.h b/package/network/services/hostapd/src/src/utils/ucode.h index a273c19b7b..c083241e07 100644 --- a/package/network/services/hostapd/src/src/utils/ucode.h +++ b/package/network/services/hostapd/src/src/utils/ucode.h @@ -25,7 +25,6 @@ uc_value_t *uc_wpa_udebug_set(uc_vm_t *vm, size_t nargs); uc_value_t *uc_wpa_printf(uc_vm_t *vm, size_t nargs); uc_value_t *uc_wpa_getpid(uc_vm_t *vm, size_t nargs); uc_value_t *uc_wpa_sha1(uc_vm_t *vm, size_t nargs); -uc_value_t *uc_wpa_rkh_derive_key(uc_vm_t *vm, size_t nargs); uc_value_t *uc_wpa_freq_info(uc_vm_t *vm, size_t nargs); #endif