When a remote peer's publish registrations arrive via RX before the
local TX connection is authenticated, handle_publish fires but the
subscriber can't reach the remote publisher yet since the TX channel
isn't ready.
Suppress publish notifications on the RX side when no authenticated TX
channel exists for the remote host. After TX authentication completes,
re-trigger handle_publish only for topics that the specific peer
publishes and that have local subscribers.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3efcf444a1)
The condition checked !data.networks instead of !data.networks[name],
making it always false since data.networks was already validated earlier
in the function. Networks removed from unetd were never closed.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a2368e0f69)
channel.disconnect() already closes the fd via ubus_shutdown(),
so calling socket.close() afterwards is redundant and causes EBADF.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit bdc3c1a820)
Add a 10-second timeout for outgoing auth requests to prevent
connections from getting stuck when the remote peer goes silent
after the hello handshake but before responding to auth.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8a304d051f)
The network may be deleted before the disconnect callback fires.
Check for null to avoid crash when accessing net.tx_channels.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f631d1576d)
This should not be defaulted to anything in the schema.
What seemed like a minor cleanup actually broke this
as the schema defines a default value already. I did
not notice as I had this explictly set in my config.
Fixes: 70ba7512 ("wifi-scripts: ucode: allow sae_pwe to be modified for AP mode")
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/22043
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f012e8d50a)
Some Android devices have issues with H2E causing downgrades to PSK
when using WPA2/3. With WPA3 it doesn't work reliably whatsoever.
My Samsung A55/6 for example has the following behavior:
daemon.info hostapd: lan5g: STA <redacted> IEEE 802.11: authenticated
daemon.notice hostapd: SAE: <redacted> indicates support for SAE H2E, but did not use it
daemon.info hostapd: lan2g: STA <redacted> IEEE 802.11: authenticated
daemon.info hostapd: lan2g: STA <redacted> IEEE 802.11: associated (aid 1)
daemon.notice hostapd: lan5g: Prune association for <redacted>
daemon.notice hostapd: lan2g: AP-STA-CONNECTED <redacted> auth_alg=open
daemon.info hostapd: lan2g: STA <redacted> RADIUS: starting accounting session 8234C696AAC1AE7D
daemon.info hostapd: lan2g: STA <redacted> WPA: pairwise key handshake completed (RSN)
daemon.notice hostapd: lan2g: EAPOL-4WAY-HS-COMPLETED <redacted>
This is also brought up in the issue: https://github.com/openwrt/openwrt/issues/9963
Ultimately this allows users to have the option to at the very least
disable H2E.
Unrelated: a minor cleanup was done so that ieee80211w uses set_default instead.
There is no functional change on that front.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/22021
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 70ba7512e7)
- uclient-fetch timeout bumped from 5s to 15s. If we do not do this
we get flagged by HE as the update request is expensive and takes
more than 5s to execute. Currently 5s timeout causes uclient-fetch
to be killed prematurely as can be seen by the following log:
10:34:57 user.notice 6in4-henet: update 1/3: timeout
10:35:07 user.notice 6in4-henet: update 2/3: timeout
10:35:17 user.notice 6in4-henet: update 3/3: timeout
10:35:22 user.notice 6in4-henet: update failed
The above is the worst case, what usually happens is:
10:53:59 user.notice 6in4-henet: update 1/3: timeout
10:54:06 user.notice 6in4-henet: update 2/3: abuse
10:54:06 user.notice 6in4-henet: updated
- We now use an exponential backoff starting from 5 seconds.
- Detect ca-bundle so we don't use --no-check-certificates
unnecessarily.
- The while loop was changed so we don't retry unnecessarily
after the final failure.
- Worst-case total time the update operation might take before
bailing out is:
(sum(15 + (5 × (2^(x − 1))), 1, 2) + 15) seconds = 1 min
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/22016
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 862b46dd8f)
Mark T4240RDB u-boot variants as device-built and avoid installing them into rootfs.
Without this buildbot crashes during package install with:
ERROR: unable to select packages:
u-boot-fsl_T4240RDB-nor (no such package):
required by: world[u-boot-fsl_T4240RDB-nor]
u-boot-fsl_T4240RDB-sdboot (no such package):
required by: world[u-boot-fsl_T4240RDB-sdboot]
Fixes: c5d3d5fe28 ("package: u-boot: initial support for qoriq arch")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21514
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 20727f89d5)
Link: https://github.com/openwrt/openwrt/pull/21477
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This package adds initial u-boot support for qoriq target.
U-boot for qoriq devices must be compiled with 32-bit compiler and
linked with 32-bit linker. It's part of mpc 85xx target. But qoriq
target is 64-bit. As workaround, mpc85xx binary toolchain is downloaded
only for this u-boot.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/10941
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit c5d3d5fe28)
Link: https://github.com/openwrt/openwrt/pull/21477
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The build would continue even if the some of the intermediate commands
failed, as long as the last command in the final iteration of the loop
was successful.
Add 'set -e' to the subshell so that we immediately exit. Previously,
only the exit status of the final make-index-json.py mattered.
Fixes: https://github.com/openwrt/openwrt/issues/21981
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21993
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit fcb07b00ec)
This fixes a previous commit for Sophos XG 210r3 which was missing
board_name mapping and adds support for the SG related version and the
XG/SG 230r2 which is the same hardware with a faster processor.
Sophos board_name mapping was modified to support all Sophos
SG/XG devices.
Sophos SG/XG 210r3 and SG/XG 230r2 are rackmounted x86 based firewall
with 6 RJ-45 gigabit ethernet ports (eth0-5) and 2 SFP gigabit ethernet
ports (eth6, eth7) all running Intel NICs supported by igb driver. The 210r3
and 230r2 only differ in the processor used. This board update maps
eth1 (marked as WAN) as wan and eth0 and eth2-5 as lan. Leaving the
two SFP ports unmapped.
Fixes: 4880e8e338 ("x86: add board mapping for Sophos XG 210r3")
Signed-off-by: Raylynn Knight <rayknight@me.com>
Link: https://github.com/openwrt/openwrt/pull/21959
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d0c82dbb17)
Add dependencies for Turris MOX board modules directly as
DEVICE_PACKAGES. (So that users don't have to add them manually.)
The device uses an SD card for primary storage so space shouldn't be an
issue.
Signed-off-by: Tomáš Macholda <tomas.macholda@nic.cz>
Link: https://github.com/openwrt/openwrt/pull/21151
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit bbfee76d1d)
This was a regression introduced in the recent alignment changes and led
to failures when reading (i.e. 'mkndx') certain packages like follows:
ERROR: python3-botocore-1.31.7-r1.apk: unexpected end of file
It affected packages with a header size greater than the read buffer
size of 128KB but less than 160KB (128KB + (128KB / 4)).
In those cases, we'd attempt a 0 byte read, leading to APKE_EOF.
Based on some tests of files across multiple archs and feeds, it seems
the only packages meeting those criteria were python3-botocore and
golang-github-jedisct1-dnscrypt-proxy2-dev.
Fixes: 64ec08eee1 ("apk: backport upstream fixes for unaligned access")
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21992
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 8c6ed4e927)
Link: https://github.com/openwrt/openwrt/pull/22001
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Use the added support for generating per device targz rootfs so that images
generated for Methode devices when CONFIG_TARGET_MULTI_PROFILE and
CONFIG_TARGET_PER_DEVICE_ROOTFS are set, we actually get the targz rootfs
that respects DEVICE_PACKAGES.
Currently, buildbot generated images have no networking, LM75 nor I2C
working, as the generated images do not include required kmods that are
listed in DEVICE_PACKAGES.
While at it, there is no need for tar to run in verbose mode.
Fixes: 7dff6a8c89 ("mvebu: uDPU: add sysupgrade support")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit ef92265772)
Currently, for targets that use the CONFIG_TARGET_ROOTFS_TARGZ a single
rootfs tarball is generated for the subtarget based of $(TARGET_DIR).
However, this means that it does not respect DEVICE_PACKAGES like other
rootfs images.
So, lets augment CONFIG_TARGET_ROOTFS_TARGZ by adding a proper targz fstype
so that per device rootfs is generated under lock.
This is required so that devices that use custom sysupgrade archives like
Methode devices, can actually include a per device rootfs so when building
for multiple devices and with CONFIG_TARGET_PER_DEVICE_ROOTFS set the built
image actually includes the listed DEVICE_PACKAGES.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit d89cb72c23)
Refresh the patches to make them apply cleanly again.
Fixes: 105eb9ca95 ("kernel: add cake-mq support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 30ac12f4b4)
Bootlog has the following line:
mt7915e 0000:01:00.0: missing precal data, size=403472
It is because precal was not included in the previous NVMEM conversion.
Fix this by adding it to the dts.
Fixes: dbc2923cbe ("mediatek: filogic: convert Acer Predator W6 to use NVMEM framework")
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21894
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit c62bab29d5)
Bootlog has the following line:
mt7915e 0000:01:00.0: missing precal data, size=403472
It is because precal was not included in the previous NVMEM conversion.
Fix this by adding it to the common dts.
Fixes: dbc2923cbe ("mediatek: filogic: convert Acer Predator W6 to use NVMEM framework")
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21894
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit eb369b267d)
Bootlog has the following line:
mt798x-wmac 18000000.wifi: missing precal data, size=403472
It is because precal was not included in the previous NVMEM conversion.
Fix this by adding it to the common dtsi.
Fixes: dbc2923cbe ("mediatek: filogic: convert Acer Predator W6 to use NVMEM framework")
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21894
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3f430451b1)
This is patch is identical in form and purpose as the IB-4220-B
patch. We switch over to a single "firmware" partition.
All reference design-based machines are now converted and we can
drop the legacy set-up code.
It turns out that the reference design also uses the flash layout
with a 3072KB kernel so augment the sysupgrade to do the right
thing also here.
Link: https://github.com/openwrt/openwrt/pull/21820
(cherry picked from commit c579e1d04c)
Link: https://github.com/openwrt/openwrt/pull/21973
Signed-off-by: Linus Walleij <linusw@kernel.org>
To optimize the flash usage and to make firmware upgrades
simpler, catenate the three firmware partitions "Kern",
"Ramdisk" and "Application" into one, and use all of this
for the combined MTD-splitted kernel+rootfs.
This works fine as long as the kernel is placed in the
beginning of this firmware partition and we leave the
RedBoot partition as is, so the boot loader still can load
the kernel from the first two RedBoot partitions.
Using the RedBoot partitions "as is" can be considered
harmful, because when you flash to a RedBoot partition the
file size is used for downsizing of the partition and make
firmware upgrades fail if they are larger than the RedBoot
partition size after flashing, despite there is actually
flash there. So overriding with fixed partitions is just
generally a good idea.
Link: https://github.com/openwrt/openwrt/pull/21820
(cherry picked from commit 387752dc76)
Link: https://github.com/openwrt/openwrt/pull/21973
Signed-off-by: Linus Walleij <linusw@kernel.org>
The problem is the following: we have three fixed partitions
in a RedBoot partition for kernel, initrd and rootfs. On the
surface this looks good.
But we have little flash and want to use it efficiently. We want
to use the OpenWrt "firmware" partition scheme where the kernel,
initramfs and sqashfs+jffs2 rootfs is appended, leaving maximum
space for a writeable rootfs.
To do this we will override the existing RedBoot partition table
with one that merges the three separate partitions into one
"firmware" partition.
RedBoot is still booting the system. It still needs to read the
first two parts "as if" these were the kernel and initrd. This
works fine, because the kernel still comes first.
We already have hacks in place to merge the two kernel and initrd
into one binary image and execute it. This is done by prepending
a "prolog" to the kernel that does the necessary copying in
memory and then jumps to execute the kernel.
Since this "prolog" copying routine is just 92 bytes but has 512
bytes allocated, we can trivially create a firmware format that
can be used for splitting the image into kernel and rootfs
using a tagging scheme that can be done directly by scripting
so we don't need any special binary programs.
This splitter implements that idea.
This will be used on the Gemini platform and was tested on the
Raidsonic IB-4220-B.
Link: https://github.com/openwrt/openwrt/pull/21820
(cherry picked from commit 5ac8f14ccb)
Link: https://github.com/openwrt/openwrt/pull/21973
Signed-off-by: Linus Walleij <linusw@kernel.org>
The firmware update file can get big, so instead of extracting
the whole file into the tmp folder potentially running out of space
and make the upgrade fail, stream from tar xvf -O directly to the
mtd write command.
Refactor the checking of partitions and the actual upgrade into
two steps when we are at it.
Link: https://github.com/openwrt/openwrt/pull/21782
(cherry picked from commit 1977301b5f)
Link: https://github.com/openwrt/openwrt/pull/21973
Signed-off-by: Linus Walleij <linusw@kernel.org>
The redboot partition parser gets upset if a partition
doesn't end on an even erase block and marks the partition
read-only.
Fix this by always padding the three firmware items to
128kb.
It is no longer required for the filesystem to be padded
to 6144kb, so we pad this to just 128kb like the kernel
images.
Link: https://github.com/openwrt/openwrt/pull/21750
(cherry picked from commit db7a2fb217)
Link: https://github.com/openwrt/openwrt/pull/21973
Signed-off-by: Linus Walleij <linusw@kernel.org>
The Storlink reference designs sometimes fail upgrade because
not the entire partition is used, so the size isn't equal to
the actual flash space available for the partition.
Fix this by calculating the actual partition sizes by measuring
across the partition offsets instead.
Link: https://github.com/openwrt/openwrt/pull/21750
(cherry picked from commit 04bc0b6d3f)
Link: https://github.com/openwrt/openwrt/pull/21973
Signed-off-by: Linus Walleij <linusw@kernel.org>
The gemini is using split squashfs/jffs2 root filesystems on
all devices, so without CONFIG_BLK_DEV_LOOP the device does
not gain a writeable root filesystem with these boot messages:
mount_root: unable to create loop device
mount_root: jffs2 not ready yet, using temporary tmpfs overlay
and then it never gets out of that. Fix this so we get writeable
rootfs again.
Link: https://github.com/openwrt/openwrt/pull/21748
(cherry picked from commit b8dc7ac9c6)
Link: https://github.com/openwrt/openwrt/pull/21973
Signed-off-by: Linus Walleij <linusw@kernel.org>
The Raidsonic devices do not use a 2048k kernel "Kern"
partition like the Storlink reference designs. Instead
it uses a 3072k partition to fit a slightly
larger kernel.
Sadly the current OpenWrt Gemini kernel is still bigger
than 3072k so we need to make use of the Ramdisk
partition as well.
Create a special "copy-kernel" version that can deal
with the Raidsonic 3072k kernels. Tested on the
Raidsonic IB-4220-B booting kernel v6.12.66.
Fix a copy/paste error in the image generation makefile
while we are at it.
Link: https://github.com/openwrt/openwrt/pull/21686
(cherry picked from commit 691aa70e16)
Link: https://github.com/openwrt/openwrt/pull/21973
Signed-off-by: Linus Walleij <linusw@kernel.org>
The Gemini reference design-derived devices uses a partition
format which is predictable and we can exploit this to offer
some proper upgrade path.
The kernel for these contains a hack to use this partition
format unaltered by combining the partitions "Kern" and "Ramdisk"
to one image with all of the kernel+ramdisk in memory.
Then the "Application" which is used for the rootfs go into its
own partition.
Standard flash layout:
Kern 2048k |
Ramdisk 6144k | = 9216k
Application 6144k | = 15360k
Following the pattern of the factory image we create three
images named zImage, rd.gz and hddapp.tgz (these filenames
are misleading! They are just required by the old firmware.)
and flash each individually with "mtd" during upgrades.
Since the IB-4220-V has a different layout with a bigger kernel
space we parameterize this so we can handle this too. (More
fixes are needed for that device though.)
A way to upgrade older OpenWrt on these platforms to the latest
and greatest will be to copy the file
target/linux/gemini/base-files/lib/upgrade/platform.sh
to /lib/upgrade/platform.sh
on your running system and then run sysupgrade from the image
produced after this patch.
The script is picky to sanity check the partitions before
commencing upgrade.
This was tested with a full sysupgrade on the iTian SQ201.
Link: https://github.com/openwrt/openwrt/pull/21680
(cherry picked from commit 0b0cd4efe2)
Link: https://github.com/openwrt/openwrt/pull/21973
Signed-off-by: Linus Walleij <linusw@kernel.org>
Add the required patches in order to backport cake-mq from Linux 7.0.
Many thanks to Toke Høiland-Jørgensen for providing the git trees with backports
for both 6.12 and 6.18.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21964
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 105eb9ca95)
Now that we have a board file, add calibration variant for TP-Link
TL-WA1201 v2 and add ipq-wifi package for it.
Tested-by: Jim McDonald <122668301+jimmyd998@users.noreply.github.com>
Signed-off-by: Christoph Krapp <achterin@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21736
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 0fa94cff86)
Link: https://github.com/openwrt/openwrt/pull/21951
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
