- uclient-fetch timeout bumped from 5s to 15s. If we do not do this
we get flagged by HE as the update request is expensive and takes
more than 5s to execute. Currently 5s timeout causes uclient-fetch
to be killed prematurely as can be seen by the following log:
10:34:57 user.notice 6in4-henet: update 1/3: timeout
10:35:07 user.notice 6in4-henet: update 2/3: timeout
10:35:17 user.notice 6in4-henet: update 3/3: timeout
10:35:22 user.notice 6in4-henet: update failed
The above is the worst case, what usually happens is:
10:53:59 user.notice 6in4-henet: update 1/3: timeout
10:54:06 user.notice 6in4-henet: update 2/3: abuse
10:54:06 user.notice 6in4-henet: updated
- We now use an exponential backoff starting from 5 seconds.
- Detect ca-bundle so we don't use --no-check-certificates
unnecessarily.
- The while loop was changed so we don't retry unnecessarily
after the final failure.
- Worst-case total time the update operation might take before
bailing out is:
(sum(15 + (5 × (2^(x − 1))), 1, 2) + 15) seconds = 1 min
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/22016
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
I botched the rebase of ipq-wifi, so fix it.
Fixes: 67e6baf05e ("qualcommax: ipq60xx: add Netgear RBx350 support")
Signed-off-by: Robert Marko <robimarko@gmail.com>
The Zyxel NWA110AX is a dual band 2x2:2 802.11ax wireless access point
with PoE.
The device is very similar to the NWA210AX except for being 2x2 instead
of 4x4 in the 5GHz band and not having the 2.5GbE ethernet port. This
commit factors out a common DTS and device definition and reuses it for
both devices.
Hardware:
* SoC: Qualcomm IPQ8070A
* RAM: 1GiB 1x Samsung K4A8G165WC-BCTD
* Flash: 8MiB Winbond W25Q64DW SPI-NOR, 256MiB Winbond W29N02GZ SPI-NAND
* WLAN 2.4GHz: QCN5024 2x2:2 802.11b/g/n/ax
* WLAN 5GHz: QCN5054 2x2:2 802.11n/ac/ax
* Ethernet: 1x 1GbE with AR8033 PHY
* Serial Config: 3.3V TTL 115200-8-N-1, externally accessible
* Serial Layout: GND TX RX 3.3V (don't connect, marked with triangle)
* LEDs: 1x red, 1x green, 1x blue, 1x white
* Buttons: 1x reset
MAC addresses:
* Uplink: base address on label
* 2.4GHz WLAN: base + 1
* 5GHZ WLAN: base + 2
Flashing Notes:
The device uses a dual-image setup and OpenWrt can only be installed as
image 0. When the currently running stock firmware is image 0, OpenWrt
will be installed as image 1, fail to boot and the device returns to stock
firmware. If this happens, install any version of stock firmware so that
it runs as image 1, before installing OpenWrt. Alternatively, if there
already is a valid stock firmware in image 1, the "debug dual-image show"
and "debug dual-image set boot-image image1" commands can be used in the
stock CLI via serial/SSH/telnet to switch to image 1.
Flashing with Stock Web Interface:
* Get the OpenWrt factory image and rename it to a shorter name, for
example "openwrt.bin" (the stock firmware has a character limit)
* In the web interface, go to "Maintenance" -> "File Manager" ->
"Firmware Package" (or click the link next to "Firmware Version" under
"Device Information" on the dashboard)
* Under "Upload File" browse to the renamed OpenWrt factory image and
click on "Upload"
Switch Boot Image:
* OpenWrt to stock: "zyxel-bootconfig-ipq807x set image1"
* Stock to OpenWrt: "debug dual-image set boot-image image0"
Unbrick / Revert to Stock with the Boot Module:
* Disconnect the device from power
* Configure your machine to 192.168.1.103/24 and start a TFTP server
* Put the stock firmware image into the TFTP server root and rename it to
"ZLD-current"
* Establish a serial connection to the device through the console port
* Connect the device to power
* When prompted, press a key to abort automatic boot and enter debug mode
* Use the "atnz" command to flash the firmware image
* Use the "atgo" command to boot from the newly flashed image
Signed-off-by: Michael Lotz <mmlr@mlotz.ch>
Link: https://github.com/openwrt/openwrt/pull/21849
Signed-off-by: Robert Marko <robimarko@gmail.com>
Netgear RBx350 are dual band 4 stream 802.11ax mesh devices from the Orbi
series. The RBR350 is a router with a WAN and 3 LAN ports. The RBS350 is a
satellite without WAN port, only 2 LAN ports and half the flash. The
hardware is otherwise identical. They were sold in kits as RBK352, RBK353,
RBK354 or RBK355, with one router and 1-4 satellites.
Hardware:
* SoC: Qualcomm IPQ6018
* RAM: 512MiB 1x Nanya NT5CC256M16ER-EK
* Flash: 512MiB Winbond W29N04GZ or 256MiB Winbond W29N02GZ
* WLAN 2.4GHz: QCN5022 2x2:2 b/g/n/ax
* WLAN 5GHz: QCN5052 2x2:2 a/n/ac/ax
* Ethernet: QCA8075 switch with 1 WAN and 3 LAN ports or 2 LAN ports
* Serial Config: 3.3V TTL 115200-8-N-1, internal populated header
* Serial Layout: 3.3V (don't connect, marked with dot) RX TX GND
* LEDs: green/red power, white/red/green/blue status
* Buttons: 1x Reset, 1x WPS
MAC addresses:
* LAN1: base address on label, stored in boarddata partition at 0x8
* LAN2: base + 1
* LAN3: base + 2
* WAN: base + 3
* 2.4GHz WLAN: base + 1
* 5GHz WLAN: base + 2
Flashing Notes:
The stock firmware images are signed. Both the bootloader and the stock
web interface check the signature and will fail to boot/flash.
The bootloader automatically does NMRP when a gigabit LAN connection is
present. The stock and factory images contain a U-Boot script that is
executed when flashing using NMRP. This is used to alter and persist the
U-Boot env with a boot command that works with unsigned firmware.
Install OpenWrt:
* Get the nmrpflash utility [0] and OpenWrt factory image
* Find network interface to use: nmrpflash -L
* Start nmrpflash: nmrpflash -i interface -f openwrt-...-factory.img
* Connect the device LAN port closest to the power jack to the same
network using gigabit
* Plug the device in and wait for the bootloader to flash
* Unplug and replug the device once the power LED blinks amber
Revert to Stock:
The boot command needs to be reverted before flashing the stock firmware,
otherwise it will fail to boot and get stuck in recovery mode (red power
LED flashing).
* Run: fw_setenv bootcmd bootipq
* Restart the device
* Flash the stock firmware RBx350-Va.b.c.d.img using nmrpflash
[0]: https://github.com/jclehner/nmrpflash
Signed-off-by: Michael Lotz <mmlr@mlotz.ch>
Link: https://github.com/openwrt/openwrt/pull/21656
Signed-off-by: Robert Marko <robimarko@gmail.com>
Netgear RBx750 are tri band, 2.4GHz and 2x 5GHz, 8 stream 802.11ax mesh
devices from the Orbi series. The RBR750 is a router with a WAN and 3 LAN
ports. The RBS750 is a satellite without WAN port, only 2 LAN ports and
half the flash. The hardware is otherwise identical. They were sold in
kits as RBK752-RBK757, with one router and 1-6 satellites.
Hardware:
* SoC: Qualcomm IPQ8074
* RAM: 1GiB 1x Samsung
* Flash: 512MiB Winbond W29N04GZ or 256MiB Winbond W29N02GZ
* WLAN 2.4GHz: QCN5024 2x2:2 b/g/n/ax
* WLAN 5GHz Low Band: QCN5054 2x2:2 a/n/ac/ax 5180-5320MHz
* WLAN 5GHz High Band: QCN5054 4x4:4 a/n/ac/ax 5500-5700MHz
* Ethernet: QCA8075 switch with 1 WAN and 3 LAN ports or 2 LAN ports
* Serial Config: 3.3V TTL 115200-8-N-1, internal populated header
* Serial Layout: Bottom <- RX, TX, GND, 3.3V (don't connect) -> Top
* LEDs: green/red power, white/red/green/blue status
* Buttons: 1x Reset, 1x WPS
MAC addresses:
LAN1: base address on label
LAN2: base + 1
LAN3: base + 2
WAN: base + 1
2.4GHz: base + 2
5GHz-Low: base + 3
5GHz-High: base + 4
Flashing Notes:
The stock firmware images are signed. Both the bootloader and the stock
web interface check the signature and will fail to boot/flash.
The bootloader automatically does NMRP when a gigabit LAN connection is
present. The stock and factory images contain a U-Boot script that is
executed when flashing using NMRP. This is used to alter and persist the
U-Boot env with a boot command that works with unsigned firmware.
Install OpenWrt:
* Get the nmrpflash utility [0] and OpenWrt factory image
* Find network interface to use: nmrpflash -L
* Start nmrpflash: nmrpflash -i interface -f openwrt-...-factory.img
* Connect the device LAN port closest to the power jack to the same
network using gigabit
* Plug the device in and wait for the bootloader to flash
* Unplug and replug the device once the power LED blinks amber
Revert to Stock:
The boot command needs to be reverted before flashing the stock firmware,
otherwise it will fail to boot and get stuck in recovery mode (red power
LED flashing).
* Run: fw_setenv bootcmd bootipq
* Restart the device
* Flash the stock firmware RBx750-Va.b.c.d.img using nmrpflash
[0]: https://github.com/jclehner/nmrpflash
Signed-off-by: Michael Lotz <mmlr@mlotz.ch>
Link: https://github.com/openwrt/openwrt/pull/21938
Signed-off-by: Robert Marko <robimarko@gmail.com>
The build would continue even if the some of the intermediate commands
failed, as long as the last command in the final iteration of the loop
was successful.
Add 'set -e' to the subshell so that we immediately exit. Previously,
only the exit status of the final make-index-json.py mattered.
Fixes: https://github.com/openwrt/openwrt/issues/21981
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21993
Signed-off-by: Robert Marko <robimarko@gmail.com>
Remove OR between GPL-2.0-or-later and LGPL-3.0-or-later to avoid
incorrect parsing of OR as a separate license in the SBOM.
Fixes: 9a157b5d83
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22003
Signed-off-by: Robert Marko <robimarko@gmail.com>
63413daa8760 uclient-http: fix HTTP authentication after deferred header processing
4fa6fae02f74 uclient-fetch: Extract opt_post variable
8df3120639a4 uclient-fetch: Use HEAD for --spider
0392dfc8e8c4 uclient-fetch: Support of --method, --body-data and --body-file
115c92824b6d uclient-fetch: add OPTIONS request type
a1531e89f6c2 uclient-fetch: support for WebDAV methods
Fixes: https://github.com/openwrt/uclient/issues/14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
d324c0503040 libubox: send warnings to stderr
5a65cb5a79b7 libubox: document positional arguments
8c7b489daa02 libubox: add anonymous strings, ints, et al in arrays
5ec7ff2effb3 uloop: use volatile sig_atomic_t for do_sigchld flag
0efa2cd3b74c usock: check SO_ERROR after poll in usock_inet_timeout()
1a73ded9f738 usock: fix timeout handling in usock_inet_timeout()
1aa36ee774c8 usock: implement RFC 8305 Happy Eyeballs for usock_inet_timeout()
Fixes: https://github.com/openwrt/uclient/issues/8
Signed-off-by: Felix Fietkau <nbd@nbd.name>
RIPE Atlas Probe v5 is a network measurement device based on Turris MOX.
u-boot bootscript supports booting both from the original Turris BTRFS
layout and default OpenWrt ext4 boot + root partition layout.
Specifications:
* SoC: Marvell ARMADA 3720
* RAM: 512 MiB, DDR3
* eMMC: 4G
* Ethernet: 1x 1GbE
MAC:
LAN MAC: label on board
Flash instructions:
* For using the default ext4 layout, boot into a live system using
tftpboot in u-boot and flash an OpenWrt SD image onto /dev/mmcblk0.
* For the Turris layout, put the new rootfs into subvolume '@', not
forgetting to add Image, device tree, and boot.scr to /boot.
Misc:
* USB connection is only for power. For UART access use the pin header:
1: GND
2: +1.8V
5: TX
6: RX
* Flashing the image onto Turris Shield won't work. Use Turris MOX image
instead.
Signed-off-by: Tomáš Macholda <tomas.macholda@nic.cz>
Link: https://github.com/openwrt/openwrt/pull/20031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This was a regression introduced in the recent alignment changes and led
to failures when reading (i.e. 'mkndx') certain packages like follows:
ERROR: python3-botocore-1.31.7-r1.apk: unexpected end of file
It affected packages with a header size greater than the read buffer
size of 128KB but less than 160KB (128KB + (128KB / 4)).
In those cases, we'd attempt a 0 byte read, leading to APKE_EOF.
Based on some tests of files across multiple archs and feeds, it seems
the only packages meeting those criteria were python3-botocore and
golang-github-jedisct1-dnscrypt-proxy2-dev.
Fixes: 64ec08eee1 ("apk: backport upstream fixes for unaligned access")
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21992
Signed-off-by: Robert Marko <robimarko@gmail.com>
ZTE MF833U1 is a LTE dongle that expose a cdc_ether interface for data link
and WebUI for management. It handles all the "modem" functionalities
internally and does not expose any serial interface. Instead it acts like a
"router in a stick".
It initially enumerates as a USB mass-storage device and does not bind any
network driver, so no netdev is created until a modeswitch is performed.
The test is done on Cudy TR3000 256MB v1.0 running OpenWrt 24.10.5 with an
unit targeting Chinese market:
- Hardware Version: MF883U1_V1.0.0
- Software Version: BD_MF883U1V1.0.0B06
- CMIT ID: 2019CP2106
There are report online that the device have different variants that have
different behavior across different firmware, HW revisions or SKUs.
Before the switch:
```
root@OpenWrt:~# lsusb -t
/: Bus 001.Port 001: Dev 001, Class=root_hub, Driver=xhci-mtk/1p, 480M
|__ Port 001: Dev 003, If 0, Class=[unknown], Driver=[none], 480M
root@OpenWrt:~# lsusb Bus 001 Device 001: ID 1d6b:0002 Linux 6.6.119
xhci-hcd xHCI Host Controller Bus 001 Device 004: ID 19d2:1705
DEMO,Incorporated DEMO Mobile Boardband Bus 002 Device 001: ID 1d6b:0003
Linux 6.6.119 xhci-hcd xHCI Host Controller ```
After the switch:
```
root@OpenWrt:~# lsusb -t
/: Bus 001.Port 001: Dev 001, Class=root_hub, Driver=xhci-mtk/1p, 480M
|__ Port 001: Dev 003, If 0, Class=[unknown], Driver=cdc_ether, 480M
|__ Port 001: Dev 003, If 1, Class=[unknown], Driver=cdc_ether, 480M
|__ Port 001: Dev 003, If 2, Class=[unknown], Driver=[none], 480M
/: Bus 002.Port 001: Dev 001, Class=root_hub, Driver=xhci-mtk/1p, 20000M/x2
root@OpenWrt:~# lsusb Bus 001 Device 001: ID 1d6b:0002 Linux 6.6.119
xhci-hcd xHCI Host Controller Bus 001 Device 003: ID 19d2:1706
DEMO,Incorporated DEMO Mobile Boardband Bus 002 Device 001: ID 1d6b:0003
Linux 6.6.119 xhci-hcd xHCI Host Controller ```
The following kernel debug log is presented:
``` cdc_ether 1-1:1.0 eth2: register 'cdc_ether' at usb-11200000.usb-1, ZTE
CDC Ethernet Device, 34:4b:50:00:00:00 ```
Signed-off-by: Zihao Diao <hi@ericdiao.com>
Link: https://github.com/openwrt/openwrt/pull/21867
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Increase PKG_RELEASE so buildbots pick up and rebuild the updated
package files.
Fixes: c752525511 ("xdp-tools: add patch to fix stddef.h build issue")
Link: https://github.com/openwrt/openwrt/pull/21988
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add a patch that avoids including <stddef.h> in BPF headers, fixing
build failures on OpenWrt toolchains where the header is unavailable:
In file included from xdpfilt_dny_udp.c:10:
In file included from ./xdpfilt_prog.h:24:
../lib/../headers/xdp/parsing_helpers.h:18:10: fatal error: 'stddef.h' file not found
18 | #include <stddef.h>
| ^~~~~~~~~~
1 error generated.
make[5]: *** [../lib/common.mk:111: xdpfilt_dny_udp.o] Error 1
make[4]: *** [Makefile:40: xdp-filter] Error 2
Link: https://github.com/openwrt/openwrt/pull/21972
Signed-off-by: Nick Hainke <vincent@systemli.org>
These devices share the same "compatible" in device tree causing some
incompatibilities (sysupgrades, ASU profile identification), assign a
unique "compatible" and "model" to each variant.
Context:
Commit [1] added each variant's dts compatible to the SUPPORTED_DEVICES
field of the other variant to make easy sysupgrades between these
physically indistinguishable devices variants possible.
But there were found three issues which does not allow this:
- the sysupgrade's stricter check still used in some sysupgrade
paths(this check is being replaced(and redundant) with the newer fwtool's
SUPPORTED_DEVICES check using the info in images METADATA), this check
will fail when sysupgrading from a different board_name(compatible dts)
that the image was created for (image profile name).[2]
- ASU needs unique "dts compatible" to identify the devices profile.
- and an ASU's profile identification limitation when several devices from
a common target share SUPPORTED_DEVICES entries.[3]
There is a proposal for these issues but not yet implemented [4][3].
Until these issues are fixed we won't allow "easy" sysupgrades between
these two device variants.
Commit [5] avoided the ASU profile identification limitation but
missed the required two unique dts compatibles in order to make the two
variants fully work, although not allowing easy sysupgrade between them.
[1]: 8d30e07180
[2]: sysupgrade stricter check https://github.com/openwrt/openwrt/issues/20566#issuecomment-3583555482
[3]: ASU proposal https://github.com/openwrt/asu/pull/1533
[4]: allow easy sysupgrade proposal https://github.com/openwrt/openwrt/pull/20947
[5]: b71f4665cd
Fixes: b71f466 ("mediatek: filogic: fix supported_devices list for gl-mt2500")
Fixes: 8d30e07 ("mediatek: filogic: fix for new GL.iNet GL-MT2500/GL-MT2500A hardware revision")
Fixes: https://github.com/openwrt/openwrt/issues/20566
Fixes: https://github.com/openwrt/asu/issues/1525
Signed-off-by: Mario Andrés Pérez <mapb_@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/21842
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7e5b324 instance: check length of names when creating cgroups
014f94c procd: jail/cgroups: fix OOB write in cgroups_apply()
e08cdc8 hotplug-dispatch: fix filter disallowing setting PATH
afa4391 service instance: Improve handling of watchdog config changes
52c64d2 service instance: Fix overwriting of watchdog linked list members
96c827f coldplug: fix missing header include
6b10c71 hotplug-dispatch: fix missing header include
58d7aaa initd/coldplug: create /dev/null before running udevtrigger
64f97ff hotplug-dispatch: redirect output to /dev/null
c4e9859 hotplug-dispatch: use stat if d_type is DT_UNKNOWN
bafdfff system: fix arguments validation in ubus handler
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When config_change is set during an active setup (e.g. by a concurrent
reconf call), wdev_mark_up() attempted to call setup() while still in
"setup" state. Since setup() requires state "up" or "down", it silently
returned, leaving the state as "setup". The subsequent wdev_setup_cb()
then treated this as a setup failure, triggering an unnecessary
teardown+restart cycle.
Fix this by removing the config_change handling from wdev_mark_up() and
moving it to wdev_setup_cb() instead. wdev_mark_up() now always
transitions to "up" state. When wdev_setup_cb() runs afterwards and
finds the device already "up" with config_change set, it initiates a
clean re-setup from the "up" state where setup() can run.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit 01a87f4bd0 changed the encryption
setting of the default SSID "OpenWrt" from "none" to "open". The correct
setting as per the documentation [1] is "none", though.
While this invalid setting won't cause a wrong hostapd setup, it will
at least cause malfunction in LuCI.
Change the default encryption setting back to "none".
[1] https://openwrt.org/docs/guide-user/network/wifi/basic#encryption_modes
Fixes: 01a87f4bd0
Signed-off-by: Shine <4c.fce2@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21925
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These two are redundant definitions according to dts. A value of 4 (CRC
no redundancy) makes no sense.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16618
Signed-off-by: Robert Marko <robimarko@gmail.com>
There are two redundant sections. One at 0x0 and the other at 0x80000.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16618
Signed-off-by: Robert Marko <robimarko@gmail.com>
Code was moved from 601-ucode_support.patch into ucode.{c,h},
but the patch still contained the old hunks. As a result, the patch
no longer applies.
Fix this by dropping the moved code from 601-ucode_support.patch.
Fixes: a7756346c7 ("hostapd: extend DPP ucode API with WPS M7/M8 encrypted settings handling")
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add callbacks to intercept WPS M7 reception (registrar side) and M8
reception (enrollee side), allowing external code to inject extra
encrypted attributes and optionally skip credential building.
On the registrar side, the m7_rx callback receives the decrypted M7
content and can return extra data to include in M8's encrypted settings
as well as a flag to skip credential generation.
On the enrollee side, add a wps_set_m7 method to set extra encrypted
data for M7, and a m8_rx callback to handle the decrypted M8 content
externally.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a ucode API to hostapd and wpa_supplicant for external DPP frame
handling. This allows an external controller to intercept DPP frames
and handle the DPP protocol externally.
The API provides:
- RX callbacks (dpp_rx_action, dpp_rx_gas) called when DPP frames are
received, allowing external handling before internal processing
- TX methods (dpp_send_action, dpp_send_gas_resp/dpp_send_gas_req) for
transmitting DPP frames
- A ubus channel-based API (dpp_channel) for bidirectional communication
with exclusive hook registration per interface
- CCE control for hostapd (set_cce method)
The wpa_supplicant API mirrors hostapd but adapted for STA role:
- Uses tx_gas_req instead of tx_gas_resp
- GAS RX provides full frame instead of parsed query
- No CCE control (AP-only feature)
Both implementations include:
- Timeout handling with automatic channel disconnect after 3 failures
- Hook cleanup on interface removal
- Last-caller-wins semantics for hook registration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When storing device-level data, wdev_set_data() spread the entire wdev
object into handler_data. Since handler_config.data is set from the
previous handler_data[wdev.name] before each setup, this created
exponentially growing nesting with each reload, eventually causing
"nesting too deep" JSON parse errors.
Fix by initializing cur to a simple object containing only the device
name instead of the entire wdev object.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add support for DPP (Device Provisioning Protocol) as both a primary
encryption type and as an optional addition to existing authentication.
Primary DPP mode (encryption=dpp):
- Sets WPA2 with key_mgmt=DPP
- Requires Management Frame Protection (ieee80211w=2)
- Supports dpp_connector, dpp_csign, dpp_netaccesskey options
Optional DPP mode (dpp=1 boolean on AP):
- Adds DPP to existing key management methods
- Allows AP to accept both DPP and other auth types
- Supports the same connector options
Both ucode and legacy shell implementations are updated for AP and STA
modes.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Allow callers of edit_create_destroy to pass additional named arguments
via info.named_args that get merged into the create command parameters.
Signed-off-by: John Crispin <john@phrozen.org>
When a remote peer's connection drops (device powered off, unetmsgd
crash, network failure), network_rx_cleanup_state silently removed
the remote publish/subscribe handles without notifying local
subscribers. This meant local clients had no way to detect that a
remote peer had disappeared.
Call handle_publish for each channel where a remote publish handle
is removed during connection cleanup, so local subscribers receive
the publisher change notification and can react accordingly.
Signed-off-by: John Crispin <john@phrozen.org>
handle_publish() notifies local subscribers about publisher state
changes. The publish/subscribe handler in network_socket_handle_request()
was calling it for both remote publish and subscribe changes, but
subscriber changes are not relevant to local subscribers.
Guard the handle_publish() calls with a msgtype == "publish" check,
matching the local client paths in unetmsgd-client.uc which already
have this guard.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When both peers connect simultaneously, the RX side can authenticate
before the TX handshake completes. network_check_auth() was sending a
ping on the unauthenticated TX channel, which gets rejected by the
remote's pre-auth handler as "Auth failed", killing the connection and
triggering an endless reconnect cycle.
Check chan.auth before interacting with the TX channel. If TX auth
hasn't completed yet, just schedule a reconnect timer - auth_data_cb
already handles state sync when TX auth completes.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
network_close() only closed the listening socket without shutting down
established RX/TX connections. This left remote state in
core.remote_publish/core.remote_subscribe for hosts on the removed
network, causing stale entries in channel listings and failed routing
attempts.
Close all RX and TX channels before removing the network, which also
triggers remote state cleanup via network_rx_socket_close().
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The cleanup condition checked != instead of ==, inverting the logic.
This caused two problems:
When an authenticated RX connection disconnected, remote state for that
host was never cleaned up since the stored entry matched the one being
closed.
When a stale unauthenticated connection from a peer closed, any existing
authenticated connection from the same peer was incorrectly deleted and
its remote state wiped.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When a remote peer's publish registrations arrive via RX before the
local TX connection is authenticated, handle_publish fires but the
subscriber can't reach the remote publisher yet since the TX channel
isn't ready.
Suppress publish notifications on the RX side when no authenticated TX
channel exists for the remote host. After TX authentication completes,
re-trigger handle_publish only for topics that the specific peer
publishes and that have local subscribers.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The condition checked !data.networks instead of !data.networks[name],
making it always false since data.networks was already validated earlier
in the function. Networks removed from unetd were never closed.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Check /var/run/uci/ before /etc/config/ so that overlay configs
also trigger service reload events.
The overlay directory takes precedence, and uci show already handles
merging overlay + base configuration correctly.
Signed-off-by: John Crispin <john@phrozen.org>
Changelog:
13701b5 libtraceevent: 1.9
6a3a815 libtraceevent: Add tep_load_modules() API
31fc91b libtraceevent: Add tep_parse_last_boot_info()
5e4ef1f libtraceevent: Add tep_btf_list_args()
aa49dce libtraceevent: Split out btf func init code from tep_btf_print_args()
239b063 libtraceevent: Do not change names of functions not of this library
c284dec libtraceevent: Handle __get_stacktrace()
1ba1262 libtraceevent: Move back to 1.8.99
263459e libtraceevent: Use BTF_INT_BITS/OFFSET() when parsing int parameters
0294b73 libtraceevent utest: Add simple test to test BTF parsing
38e03ac libtraceevent: Have BTF find functions with extra characters
b441fff libtraceevent: Add man page for the new BTF functions
87f30d9 libtraceevent: Add loading of BTF to the tep handle
3488dc9 libtraceevent: Move to 1.9 devel
Link: https://github.com/openwrt/openwrt/pull/21886
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changelog:
6fad6a1 libtracefs: version 1.8.3
5505e14 libtracefs: Do not have utest fail debugfs/tracing not found
362574c libtracefs: Fix whitespace in enable_disable_all()
06c07be libtracefs: Make comm field a string
0a2a28f libtracefs/Documentation: Fix markup in the man page
57fcdc1 libtracefs: utest: Return non-zero exit code when something fails
ae03455 libtracefs: Fix tracefs_event_is_enabled() for all events
01a3fd3 libtracefs: Fix enum type in read_event_state
ef1656b libtracefs: Fix the /dev/null redirection compatibility in Makefile
Link: https://github.com/openwrt/openwrt/pull/21886
Signed-off-by: Nick Hainke <vincent@systemli.org>
Uninitialized memory led to bogus, huge timestamps being set on files
downloaded with the wget backend. This caused odd issues like 'ls -l'
crashing busybox when attempting to list the .apk file afterwards.
Link: 42f159e67b
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21874
Signed-off-by: Robert Marko <robimarko@gmail.com>
It's not the proper one. No of_platform_ APIs are being used.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21164
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
follow-up to 148207730a
Schoolboy error on the peer_psk value.
Also fix an issue when joining peer IPv4 and IPv6 AllowedIPs
(${peer_a_ips/ /, } replaces only the first space, while
${peer_a_ips// /, } replaces all the spaces).
Closes: https://github.com/openwrt/openwrt/issues/21847
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21851
Signed-off-by: Robert Marko <robimarko@gmail.com>
