Commit 01a87f4bd0 changed the encryption
setting of the default SSID "OpenWrt" from "none" to "open". The correct
setting as per the documentation [1] is "none", though.
While this invalid setting won't cause a wrong hostapd setup, it will
at least cause malfunction in LuCI.
Change the default encryption setting back to "none".
[1] https://openwrt.org/docs/guide-user/network/wifi/basic#encryption_modes
Fixes: 01a87f4bd0
Signed-off-by: Shine <4c.fce2@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21925
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 4ab5fcc04f)
Uninitialized memory led to bogus, huge timestamps being set on files
downloaded with the wget backend. This caused odd issues like 'ls -l'
crashing busybox when attempting to list the .apk file afterwards.
Link: 42f159e67b
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21874
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit f750e3096f)
The ucode wifi-scripts unconditionally set ieee80211w=1 for psk-sae
and eap-eap2 auth types, ignoring any user-configured value. This
caused ieee80211w=2 (MFP required) to be silently downgraded to 1
(MFP optional) when using sae-mixed encryption.
Change the logic to only set the default of 1 when ieee80211w is not
already configured by the user.
Fixes: https://github.com/openwrt/openwrt/issues/21751
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 1bbb60184d)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add a module for tpm-tis-spi for TCG TIS 1.3 TPM security chips
connected to a regular non-tcg SPI master.
Add imx target compatibility for kmod-tpm.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Link: https://github.com/openwrt/openwrt/pull/21726
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 92a94dc9b0)
Add pending uboot support for the HINLINK H28K.
This fixes the rockchip build again.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 384127320e)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The mobility_domain value generated by ucode differed from the previous
shell script implementation. The legacy shell script used `echo` on the
SSID, which appended a trailing newline.
To maintain roaming compatibility with pre-25.12 releases and OpenWrt
forks in default configuration, update the ucode logic to include this
newline character when generating the default value.
Fixes: #21731
Signed-off-by: Youfu Zhang <zhangyoufu@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21732
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1d0e2859c5)
KERNEL_DCB was introduced in 40f1db9cb1, however the dcb utility is not
enabled for iproute2. Although DCB is not generally available among
Ethernet cards, not having the dcb utility renders it completely
unchangeable.
On aarch64, it takes ~85.3KiB.
Signed-off-by: David Yang <mmyangfl@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21606
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f0f5525b75)
The `syn_flood` option name is deprecated, `synflood_protect` should
be used instead. firewall3 and firewall4 both support this option since
a long time. LuCI already replaces the option name.
0abcb39b62
Suggested-by: rparge in OpenWrt forum
Link: https://github.com/openwrt/openwrt/pull/21642
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2ae350b725)
Switchdev driver used by microchipsw supports DCB and has not storage
constraints, so enable kernel and driver DCB support by default.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 4c0c7442db)
This is tri-band WiFi6E capable router. Also Zyxel Nebula managed so no real local GUI. To open device 4 screws must be located uder the label.
Four latches are on front and two on each side. Better start from ethernet port side where 3 small latches are easy to handle.
FCC shows It's identical to WSQ65 sold as Zyxel Multy M6E but that's nowhare to be found yet. WSQ65 is not covered by this PR
Speficiations:
* SoC: Qualcomm IPQ5018
* RAM: 1GB DDR3
* Flash: Winbond W25N02KWZEIR 256MB
* UART: PCB "J3" is located left from front LED strip
(VCC/TX/RX/ /GND) 3.3V 115200n8
* Wi-Fi1: IPQ5018 (2x2 2.4 Ghz 802.11b/g/n/ax)
* Wi-Fi2: QCN6102 (2x2:2 5 Ghz 802.11an/ac/ax)
* Wi-Fi3: QCN6122 (2x2:2 6 Ghz 802.11an/ac/ax)
* Ethernet: QCA8337 4xLAN 1Gbit / 1xWAN 1Gbit
* Buttons: WPS , Reset
* LEDs: 13 in total
RGB power, RGB wan, RGB status (cloud), RGB wifi, Green wps
* FCCID: I8803891
*Flash Instructions starts with getting root:
connect uart to J3 connector next to the front LEDs
go to failsafe when this shows up in log:
"Press the [f] key and hit [enter] to enter failsafe mode"
execute:
mount_root
passwd -d root
reboot
logon as root:
look for 'Please press Enter to activate this console.'
login is root password is empty
execute:
fw_setenv DebugFlag=0x1
fw_setenv bootdelay=0x2
passwd -d root
backup ubi partition "rootfs" into safe space
reboot
*OpenWrt installation
stop uboot and execute:
setenv ipaddr 192.168.1.1
setenv serverip 192.168.1.10
tftpboot *-factory.ubi
flash rootfs
reset
or:
tftpboot *-initramfs-uImage.itb
bootm
use sysupgrade as usual
*restore OEM from backup
stop uboot and execute:
setenv ipaddr 192.168.1.1
setenv serverip 192.168.1.10
tftpboot *-initramfs-uImage.itb
bootm
transfer rootfs.bin backup and execute:
ubiformat /dev/mtd16 -y -f /tmp/rootfs.bin
Signed-off-by: Robert Senderek <robert.senderek@10g.pl>
Link: https://github.com/openwrt/openwrt/pull/21042
(cherry picked from commit f948f71300)
Link: https://github.com/openwrt/openwrt/pull/21440
Signed-off-by: Robert Marko <robimarko@gmail.com>
Broadcom BCM43602 needs certain NVRAM variables to be set to function. Add
a quirk for it and add ASUS RT-AC3200 which has got Broadcom BCM43602 to
the quirk. Thanks to Tom Brautaset for finding the needed variables.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit cd2ad6c464)
Add ASUS RT-AC3200 and ASUS RT-AC5300 to the set wireless LED behaviour
quirk. ASUS RT-AC3200's wireless chip is different than ASUS RT-AC5300's,
the environment variables for it are 0:ledbh10 and 1:ledbh10.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit 64b6293eb7)
It is obsolete since the io module was added
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit e06c4125fd)
Link: https://github.com/openwrt/openwrt/pull/21631
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
WiFi 6E (802.11ax) clients cannot discover 6GHz APs operating at
320MHz because the HE Operation element contains uninitialized
center frequency values.
For EHT320 mode, the code sets eht_oper_centr_freq_seg0_idx but not
the corresponding HE values. Later, the HE values are copied from
VHT values, but VHT is not used on 6GHz, leaving he_oper_chwidth
and he_oper_centr_freq_seg0_idx at 0. This causes WiFi 6E clients
to see incorrect channel width information, making the AP invisible
to them during scanning.
Fix this by:
1. Setting he_oper_chwidth to 3 (160MHz) for EHT320 mode
2. Computing he_oper_centr_freq_seg0_idx based on the 160MHz segment
that contains the primary channel
3. Preserving these pre-set values instead of overwriting them with
uninitialized VHT values
WiFi 7 clients continue to see 320MHz operation via the EHT Operation
element, while WiFi 6E clients can now discover and connect at 160MHz.
Signed-off-by: Ryan Chen <rchen14b@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21588
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit a8bdb1e6d6)
Package the Microchip SparX-5 switchdev driver as a module.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 9a4c6550a7)
The module exists in ucode and has been present for a while
but has not been enabled. It provides the ucode zlib module
for handling gzip and zlib compression in ucode scripts.
The package is ~ 5Kb. Installed ~18Kb.
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21417
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 16ae5c23e5)
Link: https://github.com/openwrt/openwrt/pull/21608
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Microchip ATF depends on Ruby scripts to generate the FWU monitor HTML
and more, so make sure that host Ruby is available.
We also need to call the scripts directly via Ruby executable as shebang
wont work due to lack of Ruby in the Buildbot container.
Fixes: 5205c0c426 ("microchipsw: lan969x: add Microchip EV23X71A")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 082fe669f7)
LibreSSL 3.9+ has dropped support for X509V3 extension API so cert_create
tool does not compile against it at all.
This was hidden by the fact that it was compiling against OpenSSL on my
host which still has that API, however we do not ship libssl-dev in the
Buildbot containers so compiling against distro OpenSSL is not possible.
So, after a long time trying to find any docs on that API I resorted to
LLM(Gemini 3 Pro) to get it to compile.
Our libcrypto is linked against pthread so we must pass -lpthread as well
for cert_tool.
Fixes: 5205c0c426 ("microchipsw: lan969x: add Microchip EV23X71A")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 410277ca12)
ABI version is added to a package name during packaging, so there's no
need to specify it manually. And nothing explicitly depends on libelf1.
Fixes: d7bf089 ("elfutils: rename libelf1 to libelf")
Signed-off-by: George Sapkin <george@sapk.in>
Link: https://github.com/openwrt/openwrt/pull/21369
(cherry picked from commit 8cc2743c48)
Link: https://github.com/openwrt/openwrt/pull/21547
Signed-off-by: Robert Marko <robimarko@gmail.com>
Packages shouldn't provide a package that another package, in this case
wget from packages provides. Explicitly provide a virtual @wget-any
instead to match the implicit wget provide and switch the only consumer
to use the new provider.
Set uclient-fetch as the default variant for wget-any.
Signed-off-by: George Sapkin <george@sapk.in>
Link: https://github.com/openwrt/openwrt/pull/21369
(cherry picked from commit af1fa176c3)
Link: https://github.com/openwrt/openwrt/pull/21547
Signed-off-by: Robert Marko <robimarko@gmail.com>
The code to be replaced is a glorious no-op. A default value for
config.radius_das_client does not need to be assigned. This parameter
already has non-empty value: see the enclosing 'if' block.
As a result, the value of config.radius_das_client never gets modified
to contain both dae_client and dae_secret. This breaks hostapd.add_iface()
that expects config.radius_das_client to contain both dae_client and
dae_secret separated by a whitespace.
Fixes: #21519
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21522
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit c7f585bfc3)
Commit 9151c7015e introduced support for the global DHCP DUID to
generate a RFC4361-style client identifier.
However, the IAID introduced in those changes is based on ifindex, which
is subject to changes and causes issues on environments requiring a stable
IAID.
This commit switches the IAID to a stable one based on MD5.
(cherry picked from commit e1c125c167)
Fixes: 9151c7015e ("netifd: use the global DHCP DUID for DHCPv4")
Link: https://github.com/openwrt/openwrt/pull/21489
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Add new function "network_generate_iface_iaid()" to generate a stable IAID
from an interface name.
(cherry picked from commit e1f2b666ff)
Link: https://github.com/openwrt/openwrt/pull/21489
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Hardware specifications:
- CPU: Freescale/NXP P2020, dual-core PowerPC @ 1 GHz
- RAM: 1 GB DDR3
- Flash: 2 MB NOR, 512 MB NAND
- Networking: 7x Gigabit Ethernet ports (via two Marvell 88E6171
switches, each attached to a different MAC)
- USB: 2x USB 2.0 ports (front panel)
- mini-PCIe slot
- RTC: Ricoh RS5C372A
- 4 buttons (via external MCU)
- 3 LEDs (via external MCU)
- LCD display (via external MCU)
Installation procedure:
1. Obtain the original MAC address table from the stock bootlog, for
example:
setting device eth0 to 00:90:7f:00:00:01
setting device eth1 to 00:90:7f:00:00:02
setting device eth2 to 00:90:7f:00:00:03
setting device eth3 to 00:90:7f:00:00:04
setting device eth4 to 00:90:7f:00:00:05
setting device eth5 to 00:90:7f:00:00:06
setting device eth6 to 00:90:7f:00:00:07
2. Open the case and move jumper JP1 from 2-3 to 1-2 to enter FAILSAFE
mode.
3. Power on the device and interrupt the boot process to access the U-Boot
shell.
4. Program the MAC base address into the EEPROM (text after '#' is a
comment):
mac ports 3
mac 2 00:90:7f:00:00:01 # first MAC address from bootlog
mac save
5. Reset the device and enter the U-Boot console again.
6. Connect a TFTP server to port 6 and boot the initramfs image:
setenv ipaddr 192.168.1.3
setenv serverip 192.168.1.2
setenv loadaddr 1000000
tftpboot $loadaddr openwrt-mpc85xx-p2020-watchguard_xtm330-initramfs-kernel.bin
bootm $loadaddr
7. (Optional) Backup all MTD partitions if you want the ability to restore
stock firmware.
8. Perform a normal sysupgrade from the initramfs environment.
9. Power off the device and move jumper JP1 back to 2-3.
10. The device will now boot OpenWrt.
Known issues:
- LCD, buttons and LEDs are controlled by an external MCU; the protocol is
currently unknown.
- The internal connection between the two Marvell switches is unused by
OpenWrt.
- The stock firmware uses an empty U-Boot environment; saving variables
modifies the environment and prevents a normal boot. FAILSAFE U-Boot
remains functional.
- WatchGuard configuration is encrypted; DSA MAC addresses are stored in
this configuration.
- Failsafe Ethernet works on port1.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21020
(cherry picked from commit 6150f9ceab)
Link: https://github.com/openwrt/openwrt/pull/21517
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Introduce the kmod-pmbus-sensors package to provide the
generic PMBus hwmon driver (CONFIG_SENSORS_PMBUS).
This enables support for a wide range of PMBus-based devices
including ADP4000, BMR310, BMR480, MAX20796, TPS544B25, and others.
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/21444
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9653fd423b)
Ensure -fPIC is passed during the linking stage to fix LTO build
failures (relocation errors) on MIPS and other architectures.
Fixes: #20436
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21455
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 4ff0f496a4)
The Motorcomm YT8821 2.5G PHY is being used in some devices as an
alternative to devices like the RTL8221B. Package it as a kmod
so it can be used as a device package rather than requiring changes
to the target kernel config.
Signed-off-by: Andrew MacIntyre <andymac@pcug.org.au>
Link: https://github.com/openwrt/openwrt/pull/21399
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 96a1337374)
It is a BSS-level option and not radio-level. As such,
move it to wifi-iface and ap.uc.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/21412
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9b1b5a6aec)
