hostapd: add ubus support to disasoc/deauth all wireless STAs
Similar to the hostapd control interface, treat ff:ff:ff:ff:ff:ff as a stand in for "all clients".
Signed-off-by: Rany Hany <rany_hany@riseup.net> Link: https://github.com/openwrt/openwrt/pull/18670 Signed-off-by: Robert Marko <robimarko@gmail.com> (commit: 5d7107e)
hostapd: allow ubus ban client address to be a broadcast address
This will allow del_client with ban_time on a broadcast address to also ban all clients temporarily.
Signed-off-by: Rany Hany <rany_hany@riseup.net> Link: https://github.com/openwrt/openwrt/pull/18670 Signed-off-by: Robert Marko <robimarko@gmail.com> (commit: 7f05a9a)
econet: update en75_chboot to use OpenWrt board_name
Instead of using the name from /proc/cpuinfo, use board_name from /lib/functions.sh
Signed-off-by: Caleb James DeLisle <cjd@cjdns.fr> Link: https://github.com/openwrt/openwrt/pull/21023 Signed-off-by: Robert Marko <robimarko@gmail.com> (commit: 4e0dfa6)
Board name was specified incorrectly in the DT, fix. This bug was introduced in #20580 (31f5fc8fea8931f5) which was merged last week, and econet is still a mostly experimental target, so it is considered unnecessary to update SUPPORTED_DEVICES.
Signed-off-by: Caleb James DeLisle <cjd@cjdns.fr> Link: https://github.com/openwrt/openwrt/pull/21023 Signed-off-by: Robert Marko <robimarko@gmail.com> (commit: 75915e3)
"rt2x00soc.c" was removed in 6.18 kernel backport[1]. Fix build error:
openwrt/build_dir/target-mipsel_24kc_musl/linux-ramips_mt7620/mac80211-regular/backports-6.18/drivers/net/wireless/ralink/rt2x00/rt2x00soc.ko' is missing.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.18&id=7f6109086c9e7bbc78ff936dac45626870455c76 Fixes: 52a087374227 ("mac80211: update to version 6.18") Signed-off-by: Shiji Yang <yangshiji66@outlook.com> Link: https://github.com/openwrt/openwrt/pull/21089 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 46c885a)
Enable xdp-loader to attach multiple XDP programs to a single interface by backporting the BPF trampoline implementation from Linux kernel 6.17 to 6.12 for LoongArch64.
The xdp-loader utility relies on libxdp, which in turn requires kernel support for BPF trampoline. While x86_64 and other architectures have this feature, LoongArch64 only gained it in kernel 6.17. Without this backport, xdp-loader fails on LoongArch64 systems running kernel 6.12.
Changes backported include: - BPF trampoline infrastructure for LoongArch64 - Necessary JIT compiler updates - Related BPF subsystem changes
This allows full compatibility with the xdp-tools ecosystem on LoongArch64 systems running older kernel versions.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com> Link: https://github.com/openwrt/openwrt/pull/21077 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: ed5cefb)
dropbear: enable configurable port forwarding options
Currently its only possible to disable port forwarding only for specific keys, via the OpenSSH-style restriction in `authorized_keys` file.
In some use cases it might be feasible to disable such features globally on service level, so lets add new LocalPortForward and RemotePortForward config knobs.
Signed-off-by: Petr Štetiar <ynezz@true.cz> Link: https://github.com/openwrt/openwrt/pull/21071 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 83f6177)
Choose the minimal release build which excludes a number of unused applets, not used on user devices.
Signed-off-by: Paul Donald <newtwen+github@gmail.com> Link: https://github.com/openwrt/openwrt/pull/21093 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 1684c28)
dropped patches -010-libressl4.patch; integrated at source -999-small-scripts-tar.patch; integrated at source
refreshed remaining patches
DEPRECATION: Option 'compressed-help' is deprecated - removed. DEPRECATION: Option 'zstd' value 'false' is replaced by 'disabled'
Signed-off-by: Paul Donald <newtwen+github@gmail.com> Link: https://github.com/openwrt/openwrt/pull/21093 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: b91ebda)
This reverts commit 63e2b17c011318b7f7a5c7082fd8c969c430d7df.
Further discussion with Upstream for the topic revealed an even subtle problem that require specific driver to be fixed. Revert the wrong generic fix in favor of specific ath11k fix.
Link: https://lore.kernel.org/all/20251207215359.28895-1-ansuelsmth@gmail.com/T/#m990492684913c5a158ff0e5fc90697d8ad95351b Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 1c02c78)
EWS2910P has two SFP slots of which only one was fully supported so far. The issue so far was that both SFP slots share the same I2C SCL line but neither the kernel nor any downstream driver was able to deal with this.
Thus, only one SFP slot was completely working (with detection etc.) but the other one had to be enabled manually. Networking was functional in both though.
Since acd7ecc9ed we have a driver which is able to deal with that. Thus, we can fix the SFP support for this device.
Due to the recent changes with the formality checks kernel_bump commit messages no-longer pass them.
Adjust these messages to follow the updated checks: - start the first word after prefix with lower-case - reduce the overall subject length by removing the redundant 'kernel'
Add a new hook called 'init_serdes_common' to be able to perform initialisations or anything else subject to all SerDes. This hook is called in the end of 'rtpcs_probe' after everything else is done.
This is meant primarily to support the transition of RTL83XX from PHY driver to PCS driver. Thus, it may be removed later again or kept if there is sufficient need for this.
In the PHY driver, firmware files were used to store configuration values for the SerDes which need to be applied upon initialization. There are several issues which prevent to just take that over into the PCS driver: * SerDes and PHY parts are mixed within a firmware file * SerDes access in PHY driver is based on writing into the switch's global register space; PCS driver uses access via MDIO interface --> destination values do not match * firmware file format is not SerDes-agnostic * no documentation or script for the "old" firmware files
Unfortunately, there is no proper firmware format yet where to take over the required sequences. Thus, extract the sequences needed for RTL838X SerDes, transform them to work with the MDIO based access and put them as functions in the PCS driver.
Note that this should just be a temporary solution. In a next step, a proper firmware format should be established and all configuration sequences currently in the code should be moved into firmware files.
realtek: pcs: rtl838x: import SerDes code from DSA/PHY
Import functions 'rtl8380_sds_rst', 'rtl8380_sds_power', 'rtl8380_configure_serdes' and 'rtl83xx_config_interface' from DSA and PHY driver respectively but comment the code for now.
The code needs heavy adjustments to make it compile and work. To make this as transparent as possible, do that in two stages.
The previous commit just imported some code as-is and commented it. It needs heavy adjustments to compile and work within the PCS driver. Do that now to that extent that it can be used within the driver. More cosmetics and improvements will be done later.
Split the once-for-all SerDes configuration into the usual flow where each SerDes is configured separately and on its own, as requested by the PCS subsystem.
Move mode setting and patching into proper functions which are called during SerDes configuration. Some configuration sequences are broken up and moved into the SerDes configuration flow, e.g. reset sequences because they were usually a single/few values applied to all SerDes at once before.
Add proper configuration for SerDes 4 QSGMII to be able to setup this mode properly on our own.
realtek: rtl838x: setup SDS entirely in PCS driver
After having moved the configuration code and sequences from PHY and DSA drivers to the PCS driver, add the hooks in PCS driver and remove calls in PHY and DSA drivers to let PCS driver setup the SerDes entirely on its own.
Also add pcs-handle to device tree definitions for most of the switch ports because, due to the refactoring of the SerDes configuration, this is needed now for all SerDes-attached ports.
realtek: rtl838x: drop SFP pseudo-PHYs and phy-handle
Remove all pseudo-PHYs and phy-handle properties from DTS of RTL838X devices. RTL838X SerDes is now handled by PCS driver and thus not treated as PHY anymore.
realtek: dsa,phy: rtl838x: remove 'SerDes as PHY' leftovers
RTL838X SerDes is now completely managed by the PCS driver so it's time to remove all the unused leftovers from DSA and PHY drivers to have that finally separated.
WLAN: MT7992AV WLAN 2g: MediaTek MT7975N, b/g/n/ax/be, MIMO 4x4 WLAN 5g: MediaTek MT7977B, a/n/ac/ax/be, MIMO 4x4 LEDs: 5 LEDs, 1 power green, 1 internet green, 2x fn green, 1 wlan green, gpio-controlled Button: 4 (Reset, WPS, FN1, FN2) USB port: Yes, 1xUSB3.2 and 1xUSB2.0 (via GL850G) Power: 12 VDC, 3 A
Notes: * The device supports dual boot mode * Fn2 led reassigned to wlan 2.4
Flash instruction: The only way to flash OpenWrt image is to use tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.1.2/24 and tftp server. 2. a) Keenetic Rename "openwrt-mediatek-filogic-keenetic_kn-1812-squashfs-factory.bin" to "KN-1812_recovery.bin" and place it in tftp server directory. b) Netcraze Rename "openwrt-mediatek-filogic-netcraze_nc-1812-squashfs-factory.bin" to "NC-1812_recovery.bin" and place it in tftp server directory. 3. Connect PC with ethernet port, press the reset button, power up the device and keep button pressed until status led start blinking. 4. Device will download file from server, write it to flash and reboot.
mediatek: filogic: add support for Kebidumei AX3000-U22
Kebidumei AX3000-U22 is one of many clones of the same range extender that can be found on Aliexpress or other Chinese portals.
The easiest way to identify this model is by searching for "AX3000 Repeater" and picking the device that looks like mine [0].
Specification: - SoC: MediaTek MT7981B (1.3 GHz) - RAM: 256 MB - Flash: 16 MB SPI NOR - Ports: 1 x 1 GbE - Antenna: 6 (2 fake) - WiFi: MediaTek dual-band WiFi 6 - 2.4 GHz: b/g/n/ax, MIMO 2x2 - 5 GHz: a/n/ac/ax, MIMO 2x2 - Buttons: Reset & WPS - LEDs: Ethernet (green), Status (red, green, blue) - Power: 110–240 V AC (internal PSU, board uses 12 V DC) - Serial: unmarked connector on PCB [1: Vcc, 2: RX, 3: TX, 4: GND]
Install via OEM web UI: 1. Use reset button to perform factory reset. 2. Connect PC to LAN port and obtain DHCP address. 3. Upload the sysupgrade image via OEM firmware upgrade page, e.g. http://192.168.18.1/upgrade.html 4. After reboot, hold reset button to clear leftover vendor config.
Install via serial: 1. Connect serial console (115200 8N1). 2. Enter the console. 3. Backup mtd4 partition if you want to restore OEM FW later. 4. Download image. 5. Run 'sysupgrade -n'.
Revert to stock: 1. Run sysupgrade without keeping config using mtd4 backup.
MAC addresses LAN: Label MAC (stored in Factory partition offset 0x1fef20) WAN: LAN + 1 WiFi: LAN
Official LED layout, from left to right: [power] [internet] [wps] [wifi] [lan3/2/1] [wan]
Redefinition for OpenWrt: [power]: used for led-boot, led-failsafe, and led-running [internet]: used for WAN RX/TX indication [wps]: used for led-upgrade [wifi] and [lan3/2/1]: unchanged [wan]: used for WAN link indication
Installing OpenWrt: - Setup a tftp server on your PC. Copy xxx-preloader.bin, xxx-bl31-uboot.fip and xxx-initramfs.itb to tftp root directory. - Connect to the router via ssh or telnet, username: useradmin, password is the web login password of the router. - Backup all critical flash partitions with the following commands where x.x.x.x is the IP of your PC.
IP=x.x.x.x cd /dev for d in /sys/class/mtd/mtd?; do if [ "$(cat $d/name)" = "BL2" ]; then tftp -l $(basename $d) -r bl2.img -p $IP elif [ "$(cat $d/name)" = "FIP" ]; then tftp -l $(basename $d) -r fip.bin -p $IP elif [ "$(cat $d/name)" = "Factory" ]; then tftp -l $(basename $d) -r factory.bin -p $IP fi done for d in /sys/devices/virtual/ubi/ubi0/ubi0_*; do [ "$(cat $d/name)" != "customer" ] && continue tftp -l $(basename $d) -r customer -p $IP break done
- Set a static ip(192.168.1.254) for your PC. And then reboot the router. It will run initramfs image automatically. - After openwrt boots up, perform sysupgrade via web UI.
Reverting to the vendor firmware: - Setup a tftp server on your PC with ip address 192.168.1.254. And make sure bl2.img, fip.bin, factory.bin and customer are located in tftp root directory. - Power off the router. - Press and hold WPS key, then power on the router. - Release WPS key, when internet/wifi/wps leds are blinking. - Wait until internet/wifi/wps leds light up, power off the router. - Press and hold reset key, power up the router, release reset key 15s later. - Connect to http://192.168.1.1, now you can upload vendor .bin firmware.
Uboot netconsole: Uboot netconsole can be enabled by WPS or reset key.
- Setup a linux PC with ip 192.168.1.254. Open a new terminal and execute 'stty -isig -echo cbreak; nc -lup 6666' - Press and hold WPS(or reset) key, then power on the router. - Release key once internet/wifi/wps leds are all on. NOTE: don't hold the key more than 5s after internet/wifi/wps leds on, or it will try to revert to vendor firmware. - 5s later, uboot bootmenu will show on the terminal.
This fixes the following build error: ``` ../src/apk.c: In function 'parse_options': ../src/apk.c:584:4: error: a label can only be part of a statement and a declaration is not a statement 584 | char *arg = opt_parse_arg(&st); | ^~~~ ```
On the smartrg sr505n the bootloader only sets registers to enable the PHYs if it's interrupted. When Linux boots this results in a -EINVAL error when trying to read from the EPHYs and the GPHY doesn't work. This patch disables low power mode in the GPHY/EPHYs and properly resets the EPHYs.
ca00527e5fc3 statefiles: don't write empty hosts files 24b70c5c2ff0 Revert "statefiles: fix escape sequence for broken hostname output" 5203ad13954c statefiles: fix stale pio handling for !ubus a64760b30f67 odhcpd: rename piofolder to piodir 6779344a8c8a statefiles: use tmpfile functions for pio files 9f8abcc662d0 statefiles: rename prefix information functions cb65b83e524e config: move pio json handling to statefiles.c 5b01849cc42c statefiles: add a dirfd helper function eadde3d7dd74 statefiles: add tmp helper functions c29aa7091498 statefiles: fix escape sequence for broken hostname output 00f2d7a4dbe5 dhcpv4: don't send zero IPv6-only preferred option c86d29bb83d6 Revert "dhcpv6-ia: add some noise to the T1 and T2 periods" b062769ab85f Revert "do not delegate ULA prefixes" fd4714bb2dfe do not delegate ULA prefixes 81ea5bfef775 dhcpv6-ia: add some noise to the T1 and T2 periods
Downloading packages from git requires zstd to compress their tarballs. Make sure that zstd from host tools is compiled when running make download. Otherwise, either the download would fail because zstd is not present or a random version from the host would be used leading to hash mismatches.
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu> Link: https://github.com/openwrt/openwrt/pull/21125 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: f3e4620)
The current default prioritizes legacy compatibility over: 1. BPF program functionality across multiple subsystems 2. Performance on widely deployed modern hardware 3. Modern kernel features relying on unaligned accesses
Since BPF programs require unaligned access capabilities and most LoongArch deployments use modern CPUs with hardware support, disable CONFIG_ARCH_STRICT_ALIGN. Legacy system users can manually enable it if needed.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com> Link: https://github.com/openwrt/openwrt/pull/21121 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 9e92064)
Recent Python versions are strict about whitespace and will complain about mixtures of tabs and spaces. Convert any tabs so the script just use spaces for indentation.
The apk size did not increase much: Old size for armsr/armv8: 43778 ip-bridge-6.17.0-r1.apk 164653 ip-tiny-6.17.0-r1.apk 208236 tc-bpf-6.17.0-r1.apk 210209 tc-full-6.17.0-r1.apk 172483 tc-tiny-6.17.0-r1.apk
new size for armsr/armv8: 43781 ip-bridge-6.18.0-r1.apk 164956 ip-tiny-6.18.0-r1.apk 208578 tc-bpf-6.18.0-r1.apk 210482 tc-full-6.18.0-r1.apk 172664 tc-tiny-6.18.0-r1.apk
The apk size did not increase much: Old size for armsr/armv8: 767 libnl200-3.11.0-r1.apk 13480 libnl-cli200-3.11.0-r1.apk 44511 libnl-core200-3.11.0-r1.apk 9101 libnl-genl200-3.11.0-r1.apk 32485 libnl-nf200-3.11.0-r1.apk 185723 libnl-route200-3.11.0-r1.apk
new size for armsr/armv8: 764 libnl200-3.12.0-r1.apk 13471 libnl-cli200-3.12.0-r1.apk 45031 libnl-core200-3.12.0-r1.apk 9098 libnl-genl200-3.12.0-r1.apk 32479 libnl-nf200-3.12.0-r1.apk 193131 libnl-route200-3.12.0-r1.apk
Add patch `003-Revert-libcap-Add-build-ldflags-to-_makenames-rule.patch` to fix errors in the form of: ``` /usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(__stack_chk_fail.o): relocation R_X86_64_32 against symbol `__stack_chk_guard' can not be used when making a PIE object; recompile with -fPIE /usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(strerror.o): relocation R_X86_64_32 against `.rodata.errmsgstr' can not be used when making a PIE object; recompile with -fPIE /usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(realloc.o): relocation R_X86_64_32S against hidden symbol `__malloc_size_classes' can not be used when making a PIE object /usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(__stdout_write.o): relocation R_X86_64_32S against hidden symbol `__stdio_write' can not be used when making a PIE object /usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(ofl.o): relocation R_X86_64_32 against `.bss.ofl_lock' can not be used when making a PIE object; recompile with -fPIE /usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(stderr.o): warning: relocation against `__stderr_FILE' in read-only section `.rodata.stderr' /usr/bin/ld.bfd: /usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu/Scrt1.o: in function `_start': (.text+0x12): undefined reference to `__libc_csu_fini' /usr/bin/ld.bfd: (.text+0x19): undefined reference to `__libc_csu_init' collect2: error: ld returned 1 exit status ```
afe4be60628a lib/fs: fix return value for flush 5f08ecf8e372 lib/uloop: fix return value doc for run() 1affe484f302 lib/uloop: pass eof and error to cb 559860cbd76d lib: introduce io library ef07e2448a56 vm: optimize string+string concat with ucv_string_alloc
Based on 35f6d79, which introduced Watchguard Firebox T10 support.
The T10 and T15 are identical hardware, with the exception of the T15 having twice the flash and RAM size.
The T10-W and T15-W models have their Mini-PCIe slot populated with an ath9 (AR9582) based WiFi card. The slot is either unpopulated or empty for non-WiFi models. All required drivers are present by default on the mpc85xx target, so T10/T10-W resp. T15/T15-W can use the same OpenWrt image.
This commit also introduces the zImage loader from 7d768a9 to boot the kernel. This is required, since the U-Boot version used in these devices appears to have a hard limit of 16MB for the kernel size it can handle. The current kernel size is around 17MB, though, due to kernel page alignment required for memory protection.
Installation (replaces previous instructions for T10):
1. If the U-Boot password is known, proceed with step 2.
If the U-Boot password is unknown, dump the NOR flash using a SPI programmer and patch the unknown password to a known one. You can use blocktrron's Python script:
https://github.com/blocktrron/t10-uboot-patcher/
This script will patch the password to '1234' (without quotes).
Alternatively, you can search for the hashed password in the NOR dump yourself and overwrite it with a known one. The SHA1 hash is:
E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA
Write the patched NOR dump back to the device.
2. Connect the device via serial cable, power it on and interrupt the boot process by pressing Ctrl+C. Enter the U-Boot password to access the CLI.
3. (Optional) Populate the uboot-env partition by entering:
saveenv
This will allow you to use uboot-envtools from within OpenWrt later, e.g. to increase the loadable kernel size.
The default loadable kernel size is 5MB, the compressed kernel size at the time of this commit is 3.1MB.
4. Serve the initramfs OpenWrt image from a TFTP server at 10.0.1.13/24, connected to eth0 (WAN) of the device. File name must be 'uImage'. Boot with:
tftpboot; bootm;
Make sure to use the correct image for your device (T10 resp. T15)!
5. After booting, connect to OpenWrt on eth1 (LAN) via SSH. Verify that the UBI partiton is mtd7, format it and install the sysupgrade image.
6. The device should now boot OpenWrt from NAND flash. Enjoy.
Back to stock:
Use the vendor recovery procedure.
Stock recovery might also be necessary in case you have accidentally used the fw_setenv command from within OpenWrt without using saveenv in U-Boot first.
In order to use the vendor firmware recovery procedure, the NAND partitions mtd3 to mtd6 must remain intact. Make sure not to overwrite them, or keep dumps of them for later recovery.
Add the DDR4_4BG_MODE option, which supports 4GB DDR4 RAM for the MT7987 and 8GB DDR4 RAM for the MT7988. If this mode is not enabled, bl2 can only recognize half the size of RAM.
