Changes:
- Support of both Apple Silicon and Intel for macOS package.
- Add cvlan/svlan/tpmr capabilities.
- Disable LLDP in firmware for Intel X7xx cards on FreeBSD.
- Add lldpctl_watch_sync_unblock to liblldpctl.
- Add C++ wrapper for lldpctl.
Fix:
- Fix AppArmor policy for /run/lldpd/lldpd.socket.lock.
- Do not query stats for a down interface on Linux.
```
# lldpd -vv
lldpd 1.0.19
Built on 2025-03-24T17:43:44Z
Additional LLDP features: LLDP-MED, Dot1, Dot3, Custom TLV
Additional protocols: CDP, FDP, EDP, SONMP
SNMP support: no
Old kernel support: no (Linux 2.6.39+)
Privilege separation: enabled
Privilege separation user: lldp
Privilege separation group: lldp
Privilege separation chroot: /var/run/lldp
Configuration directory: /tmp
C compiler command: C compiler command is not available for reproducible builds
Linker command: Linker compiler command is not available for reproducible builds
```
Tested on: 24.10.0
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18345
Signed-off-by: Nick Hainke <vincent@systemli.org>
Do not verify the format of TLV. Leave that to lldpd.
These lldpd config entries:
config custom-tlv
list ports 'eth0'
option tlv 'replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55'
config custom-tlv
option tlv 'oui 33,44,44 subtype 232'
list ports 'br-lan'
list ports 'eth0'
config custom-tlv # oui-info truncated
option tlv 'add oui 33,44,33 subtype 66 oui-info 5555555555'
config custom-tlv
option tlv 'add oui 33,44,31 subtype 44'
config custom-tlv # invalid oui
option tlv 'add oui 3322 subtype 79'
config custom-tlv # invalid oui
option tlv 'oui 3312 subtype 74'
Produce the following lldpd.conf content:
configure ports eth0 lldp custom-tlv replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55
configure ports br-lan,eth0 lldp custom-tlv oui 33,44,44 subtype 232
configure lldp custom-tlv add oui 33,44,33 subtype 66 oui-info 5555555555
configure lldp custom-tlv add oui 33,44,31 subtype 44
configure lldp custom-tlv add oui 3322 subtype 79
configure lldp custom-tlv oui 3312 subtype 74
And lldpd (v1.0.13 on v22) logs the following:
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op replace oui 33:44:55 subtype fe
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:44 subtype e8
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3322'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3312'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: lldpd should resume operations
( The last two TLV are invalid: their oui must be three hex bytes, comma
separated. Only the first hex byte of oui-info 5555555555 is used )
Depends on #14867 and its release version bump
Tested on: 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14872
Signed-off-by: Robert Marko <robimarko@gmail.com>
where csv = comma separated value(s)
Make the function more generic. Can use it for not only 'config'.
Now it can be used to parse interfaces for additional lldpd settings,
e.g. custom-tlv.
Tested on: 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14872
Signed-off-by: Robert Marko <robimarko@gmail.com>
This service automatically establishes connections to any hosts that are members
of the same unet network, and allows publish/subscribe exchanges via ubus channels.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This does not actually create a new private key. Instead, the salt is replaced,
and a xor key is generated which when merged with the key derived from the new
password transforms into the original private key.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Currently, logging level of the RADIUS server is a constant corresponding
to the highest verbosity (EXCESSIVE, ALL), but when running as a system
service, the output is discarded.
This commit makes logging verbosity configurable by `log_level` option
and redirects all logs to `logd`. Possible levels are defined in hostap
sources:
https://w1.fi/cgit/hostap/tree/src/utils/wpa_debug.h?id=012a893c469157d5734f6f33953497ea6e3b0169#n23
Their reference is inlined in `radius.config` file.
Default value for logging verbosity is INFO (even if the `-l` flag isn't
specified).
Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
Link: https://github.com/openwrt/openwrt/pull/18089
Signed-off-by: Robert Marko <robimarko@gmail.com>
Even though IPv6 support for hostapd RADIUS server is implemented
(flag `-6`), it's not possible to enable it from configuration.
This commit adds this option and adapts init script.
Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
Link: https://github.com/openwrt/openwrt/pull/18089
Signed-off-by: Robert Marko <robimarko@gmail.com>
d8b43985e4d7 ubus: fix token_create policy
7326459bd743 ubus: dump service information on network_get
6c9c8fbd8128 service: add @all as alias for all members, unless defined differently
Signed-off-by: Felix Fietkau <nbd@nbd.name>
`ucv_array_set` releases the array's reference to the object being cleared.
If this is the last reference to the object, it will be freed, making our
pointer `val` invalid.
To avoid this, we need to obtain our own reference to the object so we
can safely return `val`.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Since `wpa_ucode_registry_add` collects its own reference to the values added, the
two functions `hostapd_ucode_bss_get_uval` and `hostapd_ucode_iface_get_uval` would
sometimes return a referenced object (from `uc_resource_new`) and sometimes return
an unreferenced object (from `wpa_ucode_registry_get`). Now, both functions always
return a referenced object.
This change also indirectly fixes `hostapd_ucode_bss_get_uval`, ensuring it now
always returns a referenced object.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Remove extra ucv_get calls when passing a referenced value to an object
without using it further.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a common reference counting bug typically along the lines of:
```
uc_value_push(ucv_get(ucv_string_new(...)));
```
This would leave our new string with a reference count of 2, one from
the construction of the string, the other from `ucv_get`. This would
prevent the strings from being correctly cleaned up when it goes out
of scope.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
75a236be122a service: add missing null pointer check
f5341f327539 ubus: add api for generating and validating security tokens
3fab99eab4d5 add udebug support
28d86bd30e97 pex: only respond to update requests when we have network data
8e6f37cc361e pex-msg: ignore no-data responses if version is zero
12e6cf7f63e1 pex: create pex host from update responses
edc8fdae463a ubus: show the local addresses in network status
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This vastly simplifies creating and managing unet networks.
It also adds support for the unetd protocol for onboarding new nodes
over the network.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Depending on the config / circumstances, the get_psk call can be called
multiple times from differnt places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs
Fixes: b2a2c28617 ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Unless another toolchain is present (or selected), build the bpf toolchain
whenever a package is selected that needs it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
322500403615 service: add default group @ to match all nodes
5f7860306200 ubus: rename unetd_ubus_notify to unetd_ubus_network_notify
d13752814651 enroll: add PEX sub-protocol to support enrolling new nodes into a network
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The lldp_class and lldp_location config option are only valid when
compiled with LLDP-MED support. If not they will cause lldpd not to
start.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17571
Signed-off-by: Robert Marko <robimarko@gmail.com>
Changes (breaking):
- Remove support for building 802.3bt TLVs (broken).
Fix:
- Fix memory leaks in EDP/FDP decoding when receiving some TLVs twice.
- Do not set interface description continuously.
- Use a different Netlink socket for changes and queries.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17570
Signed-off-by: Robert Marko <robimarko@gmail.com>
Without this patch, we get the following error:
Mon Dec 23 11:35:44 2024 daemon.err hostapd: nl80211: kernel reports: integer out of range
As updating hostapd would be too complex and requires further testing,
we backport this simple upstream fix instead.
Fixes: https://github.com/openwrt/openwrt/issues/16680
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17590
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This is a minor upgrade that mainly fixes some compilation errors
and remove old unused code.
The Makefile has been reorganized. Now all package make parameters
are passed as configure arguments instead of environment variables.
The compilation dependencies remain the same as ppp v2.5.1 and the
package size changes are negligible.
Change log:
https://github.com/ppp-project/ppp/blob/v2.5.2/README#L70
Upstreamed patches:
101-pppd-crypto-fix-build-without-openssl.patch [1]
102-pppd-make-pid-directory-before-create-the-pid-file.patch [2]
103-pppd-crypto-fix-gcc-14-build.patch [3]
[1] 5f6eabdb66
[2] 734bc0438e
[3] ac269dbf7c
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/17477
Signed-off-by: Nick Hainke <vincent@systemli.org>
access to undeclared variable radio In [anonymous function](), file /usr/share/hostap/hostapd.uc, line 830, byte 45:
Signed-off-by: Florian Maurer <f.maurer@outlook.de>
93461ca4c827 unet-cli: only apply defaults on create
3e5766783d5d unet-tool: add support for confirming password
074d3659ca4a unet-cli: confirm password when creating new seed based key
bf3488a3807a unet-cli: add add/set-local-host command
9eb57c528461 unet-cli: add support for setting interface zone
a0a2d80f3459 ubus: add firewall rules for network port/pex_port via procd
Signed-off-by: Felix Fietkau <nbd@nbd.name>
d22d7db581d5 bpf_skb_utils.h: add missing include to fix build against newer kernel headers
bbd3e0eb1419 host: fix peer routes on a node acting as gateway
b17164751fc7 unet-tool: add support for generating keys from salt + seed passphrase
041e05870c20 unet-tool: add support for dumping pubkey from signed file
b58920d420cb unet-tool: add support for extracting network data from signed bin file
f335f5b40b4e unet-cli: add support for generating key from seed
8b1f1d099352 unet-cli: add support for importing networks from signed data
188ba05eadf2 unet-cli: add missing command line help for import
8f15fc306a40 unet-cli: fix add-ssh-host with seed keys
486bc3b86dc2 pex-msg: enable broadcast for global PEX socket
e4a24cdfbc1c unet-cli: fix defaults on create
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Name the pidfile of each dropbear instance according to the
corresponding uci section name. This enables a 1:1 mapping between the
definition of the service instance and its process.
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Link: https://github.com/openwrt/openwrt/pull/15177
Signed-off-by: John Crispin <john@phrozen.org>
Initial support for dynamic reload of RxKHs.
In order to check if RxKHs need reloading.
RxKHs defined in the rxkh_file first has to be parsed and formated,
the same way as hostapd will read from the file and also output,
with the command GET_RXKHS.
Then each list of RxKHs can be hashed and compared.
Ucode implementation of hostapds rkh_derive_key() function.
Hostapd converts hex keys with 128-bits or more when less than 256-bits
to 256-bits, and truncates those that are more than 256-bits.
See: https://w1.fi/cgit/hostap/commit/hostapd/config_file.c?id=245fc96e5f4b1c566b7eaa19180c774307ebed79
Signed-off-by: Sybil127 <sybil127@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
