8491119 renderer: make SSID naming band-aware for stable section names
69cf683 renderer: derive no_reconf from radio reconf capability
13f797e radio: use PHY-reported channels instead of hardcoded lists
e5a6295 state: guard against null devstats in iface_add_counters
Signed-off-by: John Crispin <john@phrozen.org>
Set reconf=true in wiphy info during radio detection, indicating that
Wi-Fi 7 radios support BSS reconfiguration without requiring full
interface teardown.
This complements the bss_reload fix by ensuring the reconfiguration
capability is advertised to netifd, allowing it to choose the hot
reload path when appropriate.
Signed-off-by: Venkat Chimata <venkat@nearhop.com>
On Wi-Fi 7 platforms, BSS reload events were always propagated with
reconf=false, forcing netifd/hostapd into a full teardown path even
when a reconfiguration reload was requested.
This change restores the original intent by propagating the reconf
flag correctly from the reload path, allowing hostapd to distinguish
between reconfiguration-capable reloads and teardown-required cases.
With this change, hot reload works consistently on Wi-Fi 7 APs in the
same way as on Wi-Fi 6 platforms, avoiding unnecessary wireless
teardown and driver reinitialization.
Signed-off-by: Venkat Chimata <venkat@nearhop.com>
Fix three issues preventing 6G non-primary SSIDs from connecting on
CIG WF-196:
1. Fix #num_global_macaddr config parsing: the value was stored with
the '#' prefix but accessed without it, causing the setting to be
silently ignored (always defaulting to 1).
2. Fix MBSSID config parsing: look for 'multiple_bssid' (the actual
hostapd config key) instead of 'mbssid'.
3. Fix B5 MAC generation for MBSSID: swap bytes 3 and 5, clear lower
nibble of byte 5, then set locally-administered bit. This avoids
MAC collisions with 6G multi-BSSID interfaces.
4. Add iface_macaddr_init() wrapper to ensure mbssid parameter is
passed consistently during both iface_restart and iface_reload_config.
Signed-off-by: ruanyaoyu <ruanyaoyu@cigtech.com>
When using dynamic VLAN (AP_VLAN) on 5 GHz, CSA finalize may call
_ieee80211_sta_cap_rx_bw() with a non-NULL chandef whose ->chan is NULL.
This leads to a NULL pointer dereference at chandef->chan->band and a
kernel panic.
Avoid the crash by validating chandef->chan before accessing the band and
fall back to the existing non-chandef path when the channel pointer is not
available during CSA.
Trace:
Unable to handle kernel read from unreadable memory at virtual address 0000000000000000
Internal error: Oops: 0000000096000005 [#1] SMP
CPU: 0 PID: 59 Comm: kworker/u4:2
Workqueue: events_unbound wiphy_delayed_work_pending [cfg80211]
Hardware name: Edgecore EAP111 (DT)
pc : _ieee80211_sta_cap_rx_bw+0x14/0xcc [mac80211]
lr : _ieee80211_sta_cur_vht_bw+0x20/0xb0 [mac80211]
Call trace:
_ieee80211_sta_cap_rx_bw+0x14/0xcc [mac80211]
ieee80211_iter_chan_contexts_atomic+0x260/0xf38 [mac80211]
ieee80211_link_unreserve_chanctx+0x430/0xab8 [mac80211]
ieee80211_link_use_reserved_context+0xac/0xf4 [mac80211]
ieee80211_nan_func_terminated+0x3f8c/0x4f00 [mac80211]
ieee80211_csa_finalize_work+0x2c/0x34 [mac80211]
wiphy_delayed_work_pending+0x298/0x3bc [cfg80211]
process_one_work+0x178/0x2f0
worker_thread+0x2e8/0x4d4
kthread+0xdc/0xe0
ret_from_fork+0x10/0x20
Kernel panic - not syncing: Oops: Fatal exception
Fixes: WIFI-15312
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
On dual boot bank devices, avoid running EST twice by checking for
operational certificates before falling back to the alternate bank.
Previously, after an upgrade the AP would boot from the alternate bank,
find only birth certificates there, and run EST again - resulting in
duplicate operational certificates.
Now the flow is:
- If operational.pem exists in current bank, use it
- If only birth certs in current bank, check alternate bank
- Single boot bank devices behave as before
Fixes: WIFI-15292
Signed-off-by: John Crispin <john@phrozen.org>
Description:
Hostapd successfully parsed the uplink and downlink bandwidth attributes from
the RADIUS server, but the values were not being propagated correctly into
sta_info. As a result, the bandwidth information was missing in the UBUS
events sent to ucentral-event.
Fix:
Ensure the parsed bandwidth values are correctly passed to sta_info so they
are included in subsequent UBUS notifications.
Tests Performed:
Configured per-client bandwidth limits on the RADIUS server and verified that:
- The AP enforces the configured uplink/downlink limits, and
- The correct bandwidth values appear in the UBUS events.
Signed-off-by: Venkat Chimata <venkat@nearhop.com>
Interfaces like phy6g-ap0 can produce overly long IFB device names
(e.g., i-phy6g-ap0), which may exceed kernel name-length limits,
specifically in case of VLANs.
This patch normalizes such interface names by replacing the phy
prefix with p and shortening ap → a, producing more compact
IFB device names (e.g., i-p2g-a0).
Other interfaces continue using their original names.
Signed-off-by: Venkat Chimata <venkat@nearhop.com>
a6fdd32 cmd_upgrade: enable curl to follow redirects
1c3e51f fix: Updated schema to fix issue with fingerprinting raw mode
Signed-off-by: John Crispin <john@phrozen.org>
Enable the CONFIG_GPIO_WATCHDOG of kernel config
Add the 'wdt' watchdog service in /etc/init.d/
Signed-off-by: Yang-Yongzhi <yangyongzhi@asterfusion.com>
Description:
The num_peers counter does not always update at the exact moment a peer is deleted.
Since deletion and decrement are not fully atomic, there are scenarios where
num_peers can drift out of sync with the actual number of peers.
Fix:
A complete rewrite of the num_peers update logic—ensuring fully correct
increment/decrement handling during peer insertion and deletion—would require
significant effort and QA validation. As an immediate and effective solution,
this patch synchronizes num_peers with the actual peer count whenever a mismatch
is detected.
Fixes WIFI-14998 and indirectly resolves WIFI-15202.
Signed-off-by: Venkat Chimata <venkat@nearhop.com>
In the DP RX path, fast_rx is set to true by default.
Currently, if peer lookup fails in ath11k_dp_rx_h_mpdu(), the SKB is not sent
to the network stack or mac80211 because fast_rx remains true. This results
in a memory leak.
Fix this by setting fast_rx = false when peer lookup fails in
ath11k_dp_rx_h_mpdu(), ensuring the SKB is properly delivered to mac80211
via ath11k_dp_rx_deliver_msdu().
Fixes: WIFI-15202
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
The num_peers counter becomes corrupted during peer deletion due to race
conditions between ath11k_peer_delete() and ath11k_peer_unmap_event().
The firmware may or may not send unmap events, and the timing varies,
causing the counter to either leak (increment without decrement) or
underflow (double decrement).
Root causes:
1. ath11k_peer_delete() doesn't decrement num_peers, relying on
ath11k_peer_unmap_event() to do it
2. Firmware sometimes doesn't send unmap events, leaving num_peers
inflated
3. When unmap events do arrive, timing races with ath11k_peer_delete()
can cause missed decrements
4. Cleanup paths may double-decrement if delete_in_progress not checked
5. num_peers modified outside proper locking in some paths
This fix:
- Moves num_peers decrement into ath11k_peer_delete() after successful
peer deletion wait, ensuring exactly one decrement per deletion
- Handles both cases: peer removed by unmap event, or peer still in list
- Removes num_peers decrement from ath11k_peer_unmap_event() to prevent
double-decrement when unmap event arrives
- Adds ath11k_dp_peer_cleanup() call before ath11k_peer_delete() in
roaming path to ensure datapath structures properly cleaned up
- Adds delete_in_progress checks in cleanup paths to prevent
double-delete
- Ensures all num_peers modifications happen under base_lock
- Adds comprehensive debug logging to track num_peers throughout peer
lifecycle
Signed-off-by: Arif Alam <arif.alam@netexperience.com>
Signed-off-by: John Crispin <john@phrozen.org>
1. When a connected client roams to another AP, the AP is trying to delete the peer
but for some reason the WMI command times out and while driver is waiting for
the response, we observed that the AP doesn't respond to any frames from STA
(probe requests, authentication etc) and once the response times out (3seconds default)
then AP starts responding to the older requets but client has already connected to
another AP. As the root cause for the response timing out is in the FW, we added
a WAR to reduce the timeout to minimize this blind period, with this AP responds
after 100ms and client connects successfully. And 100ms timeout is also reasonable
for this internal operation.
2. In case of peer deletion timeout, the driver peer database is not cleared, so,
if this happens often (which it is) then eventually we hit the max peers in the
driver and all subsequent operations fail, so, in case of timeout ignore the failure
and proceed with driver peer database cleanup.
Signed-off-by: Venkat Chimata <venkat@nearhop.com>
Add bind-dig package dependency required for CAA record lookups
in est_client, which uses the dig command to query DNS for EST
server discovery.
Signed-off-by: John Crispin <john@phrozen.org>
Change standard FQDN from 'openwifi.network' to 'openwifi.wlan.local'
to prevent DNS hijacking attacks. The .local TLD is reserved for local
network use (mDNS) and cannot be registered in public DNS, ensuring
that discovery traffic cannot be redirected to attacker-controlled
infrastructure.
Signed-off-by: John Crispin <john@phrozen.org>
Move EST client enrollment to occur immediately after successful DHCP
discovery and before starting the ucentral client. This ensures
controller-specific certificates are enrolled before attempting to
connect. If EST enrollment fails during DHCP discovery, the client
will not be started.
Adjust interval_handler to call EST enrollment after DHCP discovery
attempt rather than before, ensuring proper certificate handling for
DHCP-discovered controllers.
Signed-off-by: John Crispin <john@phrozen.org>
Replace resolv module usage with dig command for CAA record lookups
to simplify DNS query handling. Reorganise cert_prefix_determine() to
prioritise controller-specific FQDN from cloud.json before checking
discovery method.
Add extensive debug logging throughout to aid troubleshooting of EST
enrollment process, including curl commands and exit codes.
Signed-off-by: John Crispin <john@phrozen.org>
The air-gapped EST server uses a certificate signed by the OpenLAN
Server Issuing CA. This certificate is used to ensure mTLS
authentication when the device connects to the EST server.
Signed-off-by: John Crispin <john@phrozen.org>
Add dnsmasq_rebind_allow() function to automatically whitelist controller
FQDNs for private IP resolution in air-gapped deployments.
When dnsmasq's boguspriv option is enabled (default), it blocks DNS
responses containing private IP addresses (RFC 1918) as a security
measure. This prevents DHCP Option 224 from resolving controller FQDNs
to local private IPs in air-gapped networks.
Solution: Inject rebind-domain-ok directives into /tmp/dnsmasq.d/
directory, which dnsmasq automatically includes via --conf-dir option.
Behaviour:
- DHCP discovery: Whitelist FQDN from dhcp_server field
- Standard FQDN discovery: Whitelist openwifi.network
- Centralized discovery: No changes (public IPs not affected)
This maintains security by only allowing specific controller domains
to resolve to private IPs whilst filtering all other RFC 1918 responses.
Signed-off-by: John Crispin <john@phrozen.org>
Add cert_prefix_determine() function that reads discovery method from
/tmp/discovery.method and determines appropriate certificate naming:
- Centralized (OpenLAN redirector): operational.pem/operational.ca
- Air-gapped (DHCP/FQDN/Flash): <controller-fqdn>.pem/<controller-fqdn>.ca
The FQDN is extracted from the controller address in /tmp/cloud.json
(DHCP Option 224).
This enables APs to enrol and store separate operational certificates
for multiple controllers, supporting portability between centralized
and air-gapped deployments without certificate conflicts.
Signed-off-by: John Crispin <john@phrozen.org>
Extend gateway.json to include cert and ca fields specifying which
certificate files the client should use for the connection.
Certificate naming strategy:
- Centralized (redirector discovery): operational.pem/operational.ca
- Air-gapped (DHCP/FQDN/Flash): <fqdn>.pem/<fqdn>.ca
Write discovery method to /tmp/discovery.method so est_client can
determine appropriate certificate naming when enrolling.
This enables APs to maintain separate operational certificates for
multiple controllers and automatically select the correct certificates
based on which controller they're connecting to.
Signed-off-by: John Crispin <john@phrozen.org>
Modify early_boot init script to copy all .pem and .ca files from
/certificates/ to /etc/ucentral/ instead of only operational.pem
and operational.ca.
This enables support for multiple trust chains where certificates
are stored with FQDN-based names (e.g., controller.example.com.pem)
alongside the traditional operational.pem.
The simple wildcard copy allows air-gapped deployments to maintain
certificates for multiple controllers without complex logic.
Signed-off-by: John Crispin <john@phrozen.org>
Add discovery method that attempts to resolve a standard FQDN when DHCP
discovery fails. This enables zero-touch provisioning in environments
where administrators configure DNS without modifying DHCP infrastructure.
The standard FQDN is configurable via STANDARD_FQDN constant (defaults
to "openwifi.network"). Administrators can configure their local DNS to
resolve this FQDN to their controller, allowing APs to discover the
controller automatically.
Discovery priority order:
1. EST enrollment (blocking)
2. DHCP discovery (Option 224/138)
3. Flash-based configuration
4. Standard FQDN resolution (NEW)
5. Cloud redirector service (internet-connected only)
The implementation uses the resolv module for DNS queries, performing
A record lookups. If resolution fails, discovery continues to the next
method. The standard FQDN method integrates with the existing discovery
block list mechanism to prevent repeated failed attempts.
Note: The boguspriv dnsmasq option may prevent FQDNs from resolving to
private IPs. Administrators should either use CG NAT Safe IP addresses
(100.64.0.0/10) or configure dnsmasq with rebind-domain-ok exceptions.
Signed-off-by: John Crispin <john@phrozen.org>
Implement EST server discovery via CAA DNS records for air-gapped
deployments. When DHCP Option 224 provides a controller FQDN, query
CAA records to determine the appropriate EST server endpoint.
The discovery flow:
1. Read controller FQDN from /tmp/cloud.json (set by DHCP handler)
2. Query CAA records for the controller domain
3. Use EST server from CAA 'issue' tag if present
4. Fall back to certificate issuer-based selection if CAA lookup fails
This allows network administrators to configure local EST servers via
DNS rather than relying on hardcoded public endpoints. Air-gapped
deployments can now specify private EST servers through standard DNS
infrastructure.
Example DNS configuration:
controller.local. IN CAA 0 issue "est.local:8001"
When an AP receives controller.local via DHCP Option 224, it will
query CAA records and use est.local:8001 for certificate enrollment
instead of the public est.certificates.open-lan.org endpoint.
Signed-off-by: John Crispin <john@phrozen.org>
Add missing ';;' after edgecore,eap111/eap112 LED configuration to
prevent fall-through to subsequent case statements.
Signed-off-by: John Crispin <john@phrozen.org>
