From 83874b75f3187214eed0af8f5d64cfb5b7472a5e Mon Sep 17 00:00:00 2001 From: Tanya Singh Date: Fri, 1 Aug 2025 18:00:35 +0800 Subject: [PATCH 01/21] mediatek-sdk: Remove extra lines (for logging) from 99-mtk-sr-scene-cond Signed-off-by: Tanya Singh --- .../mt7981/base-files/etc/hotplug.d/iface/99-mtk-sr-scene-cond | 2 -- 1 file changed, 2 deletions(-) diff --git a/feeds/mediatek-sdk/mediatek/mt7981/base-files/etc/hotplug.d/iface/99-mtk-sr-scene-cond b/feeds/mediatek-sdk/mediatek/mt7981/base-files/etc/hotplug.d/iface/99-mtk-sr-scene-cond index aa72ab6e3..a8624e866 100755 --- a/feeds/mediatek-sdk/mediatek/mt7981/base-files/etc/hotplug.d/iface/99-mtk-sr-scene-cond +++ b/feeds/mediatek-sdk/mediatek/mt7981/base-files/etc/hotplug.d/iface/99-mtk-sr-scene-cond @@ -34,13 +34,11 @@ case "$board" in if [ -f "$phy0_file" ]; then check_phy0=$(cat $phy0_file) - echo "check_phy0 = $check_phy0" [ "$check_phy0" == 0 ] && echo 1 > $phy0_file fi if [ -f "$phy1_file" ]; then check_phy1=$(cat $phy1_file) - echo "check_phy1 = $check_phy1" [ "$check_phy1" == 0 ] && echo 1 > $phy1_file fi From 8c11eb23a3cff0401945528876aa27264708d3cb Mon Sep 17 00:00:00 2001 From: John Crispin Date: Mon, 4 Aug 2025 08:35:42 +0200 Subject: [PATCH 02/21] mt7621: add insta1/2 partitions for yuncore ax820 Signed-off-by: John Crispin --- .../certificates/files/usr/bin/mount_certs | 3 +- .../certificates/files/usr/bin/store_certs | 3 +- ...uncore_ax820-add-insta1-2-partitions.patch | 36 +++++++++++++++++++ 3 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 patches/0097-yuncore_ax820-add-insta1-2-partitions.patch diff --git a/feeds/tip/certificates/files/usr/bin/mount_certs b/feeds/tip/certificates/files/usr/bin/mount_certs index 60ece34b1..0acfc84fe 100755 --- a/feeds/tip/certificates/files/usr/bin/mount_certs +++ b/feeds/tip/certificates/files/usr/bin/mount_certs @@ -45,7 +45,8 @@ sonicfi,rap7*) fi fi ;; -udaya,a5-id2) +udaya,a5-id2|\ +yuncore,ax820) mtd=$(find_mtd_index certificates) if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then mount -t squashfs /dev/mtdblock$mtd /mnt diff --git a/feeds/tip/certificates/files/usr/bin/store_certs b/feeds/tip/certificates/files/usr/bin/store_certs index 8d2dd47b7..4960f120d 100755 --- a/feeds/tip/certificates/files/usr/bin/store_certs +++ b/feeds/tip/certificates/files/usr/bin/store_certs @@ -21,7 +21,8 @@ sonicfi,rap7110c-341x) mmc_dev=$(echo $(find_mmc_part $part) | sed 's/^.\{5\}//') dd if=/tmp/certs.tar of=/dev/$mmc_dev ;; -udaya,a5-id2) +udaya,a5-id2|\ +yuncore,ax820) cd /certificates tar cf /tmp/certs.tar . part=$(tar_part_lookup "insta1" "insta2") diff --git a/patches/0097-yuncore_ax820-add-insta1-2-partitions.patch b/patches/0097-yuncore_ax820-add-insta1-2-partitions.patch new file mode 100644 index 000000000..237192375 --- /dev/null +++ b/patches/0097-yuncore_ax820-add-insta1-2-partitions.patch @@ -0,0 +1,36 @@ +From 3ceb72aaffa13375c049d161702e9d9f55da38c8 Mon Sep 17 00:00:00 2001 +From: John Crispin +Date: Mon, 4 Aug 2025 08:34:50 +0200 +Subject: [PATCH] yuncore_ax820: add insta1/2 partitions + +Signed-off-by: John Crispin +--- + target/linux/ramips/dts/mt7621_yuncore_ax820.dts | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/target/linux/ramips/dts/mt7621_yuncore_ax820.dts b/target/linux/ramips/dts/mt7621_yuncore_ax820.dts +index b2f55b9be0..cc1b59340b 100644 +--- a/target/linux/ramips/dts/mt7621_yuncore_ax820.dts ++++ b/target/linux/ramips/dts/mt7621_yuncore_ax820.dts +@@ -120,7 +120,17 @@ + partition@90000 { + compatible = "denx,uimage"; + label = "firmware"; +- reg = <0x90000 0xf60000>; ++ reg = <0x90000 0xf40000>; ++ }; ++ ++ partition@fd0000 { ++ label = "insta1"; ++ reg = <0xfd0000 0x10000>; ++ }; ++ ++ partition@fe0000 { ++ label = "insta2"; ++ reg = <0xfe0000 0x10000>; + }; + + partition@ff0000 { +-- +2.34.1 + From 7352de2421d40f2a2862955444dd24e85eb0033c Mon Sep 17 00:00:00 2001 From: John Crispin Date: Mon, 4 Aug 2025 08:36:13 +0200 Subject: [PATCH 03/21] update to latest HEAD e27ecb4 ssid: decouple batman tunnel from meshpoint interfaces Signed-off-by: John Crispin --- feeds/ucentral/ucentral-schema/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/feeds/ucentral/ucentral-schema/Makefile b/feeds/ucentral/ucentral-schema/Makefile index d9a2e7de6..489c62cfa 100644 --- a/feeds/ucentral/ucentral-schema/Makefile +++ b/feeds/ucentral/ucentral-schema/Makefile @@ -4,10 +4,10 @@ PKG_NAME:=ucentral-schema PKG_RELEASE:=1 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-schema.git -PKG_MIRROR_HASH:=45575f1f345368d109f74dc5ae3c8648dadbebef37e2d8eadc95b4fca2fbf43f +PKG_MIRROR_HASH:=9c1db8bfe1090463097c6895d2717f6917ce2c6cfeecc45049f469d7a2d86e7a PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2025-07-30 -PKG_SOURCE_VERSION:=30c73745c104d56f58d4f457956fe7ebac6e0f86 +PKG_SOURCE_DATE:=2025-08-04 +PKG_SOURCE_VERSION:=e27ecb4cd723c48657b39441afd9ce4f095081ce PKG_MAINTAINER:=John Crispin PKG_LICENSE:=BSD-3-Clause From b036ba37e3bb4099055a0c8badb322b3f23566b2 Mon Sep 17 00:00:00 2001 From: jackcybertan Date: Mon, 4 Aug 2025 08:39:22 +0200 Subject: [PATCH 04/21] certificates: Store-PKI2.0-key-for-RAP6x-production Fixes: WIFI-14951 Signed-off-by: jackcybertan --- feeds/tip/certificates/files/usr/bin/mount_certs | 2 +- feeds/tip/certificates/files/usr/bin/store_certs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/feeds/tip/certificates/files/usr/bin/mount_certs b/feeds/tip/certificates/files/usr/bin/mount_certs index 0acfc84fe..24ba00245 100755 --- a/feeds/tip/certificates/files/usr/bin/mount_certs +++ b/feeds/tip/certificates/files/usr/bin/mount_certs @@ -66,7 +66,7 @@ sonicfi,rap6*) cp /mnt/* /certificates umount /mnt fi - part=$(tar_part_lookup "0:BOOTCONFIG" "0:BOOTCONFIG1") + part=$(tar_part_lookup "devinfo" "certificates") if [ -n "$part" ]; then mtd=$(find_mtd_index $part) [ -n "$mtd" ] && tar xf /dev/mtdblock$mtd -C /certificates diff --git a/feeds/tip/certificates/files/usr/bin/store_certs b/feeds/tip/certificates/files/usr/bin/store_certs index 4960f120d..8bcf136f2 100755 --- a/feeds/tip/certificates/files/usr/bin/store_certs +++ b/feeds/tip/certificates/files/usr/bin/store_certs @@ -33,7 +33,7 @@ sonicfi,rap6*) if [ "$(fw_printenv -n store_certs_disabled)" != "1" ]; then cd /certificates tar cf /tmp/certs.tar . - part=$(tar_part_lookup "0:BOOTCONFIG" "0:BOOTCONFIG1") + part=$(tar_part_lookup "devinfo" "certificates") mtd=$(find_mtd_index $part) block_size=$(cat /sys/class/mtd/mtd$mtd/size) dd if=/tmp/certs.tar of=/tmp/certs_pad.tar bs=$block_size conv=sync From efd804987ee6d6c6f89a60be83ddde2e353c8479 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Mon, 4 Aug 2025 15:44:21 +0200 Subject: [PATCH 05/21] rtty: there was an error in the operationalpem passed to the client Signed-off-by: John Crispin --- feeds/ucentral/rtty/files/rtty.init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/feeds/ucentral/rtty/files/rtty.init b/feeds/ucentral/rtty/files/rtty.init index 61ade41a9..46fcdb964 100644 --- a/feeds/ucentral/rtty/files/rtty.init +++ b/feeds/ucentral/rtty/files/rtty.init @@ -51,7 +51,7 @@ start_rtty() { procd_set_param command $BIN -h $host -I "$id" -a [ -n "$port" ] && procd_append_param command -p "$port" [ -n "$description" ] && procd_append_param command -d "$description" - [ "$ssl" = "1" ] && procd_append_param command -s -c /etc/ucentral/opertional.pem -k /etc/ucentral/key.pem + [ "$ssl" = "1" ] && procd_append_param command -s -c /etc/ucentral/operational.pem -k /etc/ucentral/key.pem [ -n "$token" ] && procd_append_param command -t "$token" [ "$verbose" = "1" ] && procd_append_param command -v [ "$timeout" -eq "0" ] || procd_append_param command -e $timeout From 8a68073f4f24d4dcbcc494e1f0921f3cccc062d4 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Mon, 4 Aug 2025 16:33:15 +0200 Subject: [PATCH 06/21] ucentral-schema: update to latest HEAD remove a patch that was accidentally merged Signed-off-by: John Crispin --- feeds/ucentral/ucentral-schema/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/feeds/ucentral/ucentral-schema/Makefile b/feeds/ucentral/ucentral-schema/Makefile index 489c62cfa..c71da1dc9 100644 --- a/feeds/ucentral/ucentral-schema/Makefile +++ b/feeds/ucentral/ucentral-schema/Makefile @@ -4,10 +4,9 @@ PKG_NAME:=ucentral-schema PKG_RELEASE:=1 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-schema.git -PKG_MIRROR_HASH:=9c1db8bfe1090463097c6895d2717f6917ce2c6cfeecc45049f469d7a2d86e7a PKG_SOURCE_PROTO:=git PKG_SOURCE_DATE:=2025-08-04 -PKG_SOURCE_VERSION:=e27ecb4cd723c48657b39441afd9ce4f095081ce +PKG_SOURCE_VERSION:=1c6b3095cb9e398fcbfcb2bf995365066eb76b21 PKG_MAINTAINER:=John Crispin PKG_LICENSE:=BSD-3-Clause From a967d67af37f159975813975a712b1934d8aa0e8 Mon Sep 17 00:00:00 2001 From: jackcybertan Date: Tue, 5 Aug 2025 16:00:57 +0800 Subject: [PATCH 07/21] qca-wifi-7: Added ramoops support for SonicFi IPQ5332 devices Fixes: WIFI-14869 Signed-off-by: jackcybertan --- .../ipq53xx/dts/ipq5332-sonicfi-rap7110c-341x.dts | 14 ++++++++++++++ .../ipq53xx/dts/ipq5332-sonicfi-rap750e-h.dts | 8 ++++++++ .../ipq53xx/dts/ipq5332-sonicfi-rap750e-s.dts | 8 ++++++++ .../ipq53xx/dts/ipq5332-sonicfi-rap750w-311a.dts | 8 ++++++++ 4 files changed, 38 insertions(+) diff --git a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap7110c-341x.dts b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap7110c-341x.dts index a4de88128..30ed3d920 100755 --- a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap7110c-341x.dts +++ b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap7110c-341x.dts @@ -31,6 +31,20 @@ stdout-path = "serial0"; }; + reserved-memory { + #address-cells = <2>; + #size-cells = <2>; + ranges; + + ramoops@49c00000 { + compatible = "ramoops"; + reg = <0x0 0x49c00000 0x0 0x100000>; + record-size = <0x20000>; + console-size = <0x20000>; + pmsg-size = <0x20000>; + }; + }; + soc@0 { mdio:mdio@90000 { pinctrl-0 = <&mdio1_pins>; diff --git a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-h.dts b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-h.dts index 2efeb664e..37c0af7b2 100755 --- a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-h.dts +++ b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-h.dts @@ -190,6 +190,14 @@ /delete-node/ wcnss@4a900000; /delete-node/ q6_caldb_region@4ce00000; + ramoops@49c00000 { + compatible = "ramoops"; + reg = <0x0 0x49c00000 0x0 0x100000>; + record-size = <0x20000>; + console-size = <0x20000>; + pmsg-size = <0x20000>; + }; + q6_mem_regions: q6_mem_regions@4A900000 { no-map; reg = <0x0 0x4A900000 0x0 0x5100000>; diff --git a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-s.dts b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-s.dts index bcdf1c929..111b6624a 100755 --- a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-s.dts +++ b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-s.dts @@ -190,6 +190,14 @@ /delete-node/ wcnss@4a900000; /delete-node/ q6_caldb_region@4ce00000; + ramoops@49c00000 { + compatible = "ramoops"; + reg = <0x0 0x49c00000 0x0 0x100000>; + record-size = <0x20000>; + console-size = <0x20000>; + pmsg-size = <0x20000>; + }; + q6_mem_regions: q6_mem_regions@4A900000 { no-map; reg = <0x0 0x4A900000 0x0 0x5100000>; diff --git a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750w-311a.dts b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750w-311a.dts index 600ad6b66..38293524c 100755 --- a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750w-311a.dts +++ b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750w-311a.dts @@ -190,6 +190,14 @@ /delete-node/ wcnss@4a900000; /delete-node/ q6_caldb_region@4ce00000; + ramoops@49c00000 { + compatible = "ramoops"; + reg = <0x0 0x49c00000 0x0 0x100000>; + record-size = <0x20000>; + console-size = <0x20000>; + pmsg-size = <0x20000>; + }; + q6_mem_regions: q6_mem_regions@4A900000 { no-map; reg = <0x0 0x4A900000 0x0 0x5100000>; From de7dc7e01afeffd10d41507c8a500c9d6ac1aaa7 Mon Sep 17 00:00:00 2001 From: Tanya Singh Date: Wed, 6 Aug 2025 13:56:41 +0800 Subject: [PATCH 08/21] ipq50xx: Fix bootbank switching when firmware upgrade is triggered for Edgecore EAP104 and OAP101 series Fixes: WIFI-14957 Signed-off-by: Tanya Singh --- .../base-files/lib/upgrade/platform.sh | 39 ++++++++++++------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/feeds/ipq807x_v5.4/ipq50xx/base-files/lib/upgrade/platform.sh b/feeds/ipq807x_v5.4/ipq50xx/base-files/lib/upgrade/platform.sh index a71d4c847..7931fe254 100755 --- a/feeds/ipq807x_v5.4/ipq50xx/base-files/lib/upgrade/platform.sh +++ b/feeds/ipq807x_v5.4/ipq50xx/base-files/lib/upgrade/platform.sh @@ -107,29 +107,42 @@ platform_do_upgrade() { board=$(board_name) case $board in - glinet,b3000|\ edgecore,oap101|\ edgecore,oap101-6e|\ edgecore,oap101e|\ edgecore,oap101e-6e|\ edgecore,eap104) + if [ "$(find_mtd_chardev rootfs)" ]; then + CI_UBIPART="rootfs" + else + if grep -q rootfs1 /proc/cmdline; then + CI_UBIPART="rootfs2" + CI_FWSETENV="active 2" + else + CI_UBIPART="rootfs1" + CI_FWSETENV="active 1" + fi + fi + nand_upgrade_tar "$1" + ;; + glinet,b3000) CI_UBIPART="rootfs1" [ "$(find_mtd_chardev rootfs)" ] && CI_UBIPART="rootfs" nand_upgrade_tar "$1" ;; - hfcl,ion4x_w|\ + hfcl,ion4x_w|\ hfcl,ion4xi_w) - wp_part=$(fw_printenv primary | cut -d = -f2) - echo "Current Primary is $wp_part" - if [[ $wp_part == 1 ]]; then - CI_UBIPART="rootfs" - CI_FWSETENV="primary 0" - else - CI_UBIPART="rootfs_1" - CI_FWSETENV="primary 1" - fi - nand_upgrade_tar "$1" - ;; + wp_part=$(fw_printenv primary | cut -d = -f2) + echo "Current Primary is $wp_part" + if [[ $wp_part == 1 ]]; then + CI_UBIPART="rootfs" + CI_FWSETENV="primary 0" + else + CI_UBIPART="rootfs_1" + CI_FWSETENV="primary 1" + fi + nand_upgrade_tar "$1" + ;; cig,wf186w|\ cig,wf186h|\ emplus,wap385c|\ From b5b276bfcc23e2dec40deb3a63039bb75f70f416 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 6 Aug 2025 11:03:59 +0200 Subject: [PATCH 09/21] est_client: check if a cert is present inside the fwtool helper This was causing devices without a birt cert being present from doing a sysupgrade. Signed-off-by: John Crispin --- feeds/tip/cloud_discovery/files/usr/bin/est_client | 3 +++ 1 file changed, 3 insertions(+) diff --git a/feeds/tip/cloud_discovery/files/usr/bin/est_client b/feeds/tip/cloud_discovery/files/usr/bin/est_client index 535e2a7fa..a2a740475 100755 --- a/feeds/tip/cloud_discovery/files/usr/bin/est_client +++ b/feeds/tip/cloud_discovery/files/usr/bin/est_client @@ -139,6 +139,9 @@ function load_operational_ca() { } function fwtool() { + if (!fs.stat('/etc/ucentral/cert.pem')) + return 0; + let pipe = fs.popen(`openssl x509 -in /etc/ucentral/cert.pem -noout -issuer`); let issuer = pipe.read("all"); pipe.close(); From 6ba26cba2b4a7c2cbc11338000a31079a699d94e Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 6 Aug 2025 16:23:57 +0200 Subject: [PATCH 10/21] est_client: add a function to validate that the CN is correct cloud_discovery will not start if the CN does not match the devices serial. an error will be written to syslog --- Wed Aug 6 14:23:23 2025 user.notice root: ERROR Wed Aug 6 14:23:23 2025 user.notice root: ERROR Wed Aug 6 14:23:23 2025 user.notice root: ERROR Wed Aug 6 14:23:23 2025 user.notice root: The certificate used has a CN that does not match the serial of the device Wed Aug 6 14:23:23 2025 user.notice root: ERROR Wed Aug 6 14:23:23 2025 user.notice root: ERROR Wed Aug 6 14:23:23 2025 user.notice root: ERROR --- Signed-off-by: John Crispin --- .../files/etc/init.d/cloud_discover | 13 +++++++++++++ .../cloud_discovery/files/usr/bin/est_client | 18 ++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/feeds/tip/cloud_discovery/files/etc/init.d/cloud_discover b/feeds/tip/cloud_discovery/files/etc/init.d/cloud_discover index 77ddb05cb..e9828b22f 100755 --- a/feeds/tip/cloud_discovery/files/etc/init.d/cloud_discover +++ b/feeds/tip/cloud_discovery/files/etc/init.d/cloud_discover @@ -22,6 +22,19 @@ start_service() { [ "$valid" == "true" ] || /usr/share/ucentral/ucentral.uc /etc/ucentral/ucentral.cfg.0000000001 > /dev/null + est_client check + [ $? -eq 1 ] && { + logger ERROR + logger ERROR + logger ERROR + logger The certificate used has a CN that does not match the serial of the device + echo The certificate used has a CN that does not match the serial of the device + logger ERROR + logger ERROR + logger ERROR + return + } + procd_open_instance procd_set_param command "$PROG" procd_set_param respawn diff --git a/feeds/tip/cloud_discovery/files/usr/bin/est_client b/feeds/tip/cloud_discovery/files/usr/bin/est_client index a2a740475..61eff4e50 100755 --- a/feeds/tip/cloud_discovery/files/usr/bin/est_client +++ b/feeds/tip/cloud_discovery/files/usr/bin/est_client @@ -4,6 +4,7 @@ import { ulog_open, ulog, ULOG_SYSLOG, ULOG_STDIO, LOG_DAEMON, LOG_INFO } from 'log'; import * as fs from 'fs'; +import * as libuci from 'uci'; let store_operational_pem = false; let store_operational_ca = false; @@ -166,6 +167,20 @@ function fwtool() { return 0; } +function check_cert() { + if (!fs.stat('/etc/ucentral/cert.pem')) + return 0; + let pipe = fs.popen("openssl x509 -in /etc/ucentral/cert.pem -noout -subject -nameopt multiline | grep commonName | awk '{ print $3 }'"); + let cn = pipe.read("all"); + pipe.close(); + if (!cn) + return 0; + cn = lc(trim(cn)); + let uci = libuci.cursor(); + let serial = uci.get('ucentral', 'config', 'serial'); + return cn != serial; +} + switch(ARGV[0]) { case 'enroll': let ret = simpleenroll(); @@ -187,4 +202,7 @@ case 'reenroll': case 'fwtool': exit(fwtool()); + +case 'check': + exit(check_cert()); } From 68dfd583030dfcda03c81a9d5259bb0866acfe0a Mon Sep 17 00:00:00 2001 From: John Crispin Date: Thu, 7 Aug 2025 14:51:33 +0200 Subject: [PATCH 11/21] wireless-regdb: disable channel 14 in JP Fixes: WIFI-14962 Signed-off-by: John Crispin --- ...-wireless-regdb-fix-channel-14-in-JP.patch | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 patches/0099-wireless-regdb-fix-channel-14-in-JP.patch diff --git a/patches/0099-wireless-regdb-fix-channel-14-in-JP.patch b/patches/0099-wireless-regdb-fix-channel-14-in-JP.patch new file mode 100644 index 000000000..3cb447335 --- /dev/null +++ b/patches/0099-wireless-regdb-fix-channel-14-in-JP.patch @@ -0,0 +1,39 @@ +From d0a0f0304f292a40f2fcdd20b320089627b0f05f Mon Sep 17 00:00:00 2001 +From: John Crispin +Date: Thu, 7 Aug 2025 14:50:51 +0200 +Subject: [PATCH] wireless-regdb: fix channel 14 in JP + +Signed-off-by: John Crispin +--- + .../patches/200-jp-no-channel-14.patch | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + create mode 100644 package/firmware/wireless-regdb/patches/200-jp-no-channel-14.patch + +diff --git a/package/firmware/wireless-regdb/patches/200-jp-no-channel-14.patch b/package/firmware/wireless-regdb/patches/200-jp-no-channel-14.patch +new file mode 100644 +index 0000000000..ea1411cfdd +--- /dev/null ++++ b/package/firmware/wireless-regdb/patches/200-jp-no-channel-14.patch +@@ -0,0 +1,19 @@ ++--- a/db.txt +++++ b/db.txt ++@@ -16,8 +16,6 @@ country 00: ++ (2402 - 2472 @ 40), (20) ++ # Channel 12 - 13. ++ (2457 - 2482 @ 20), (20), NO-IR, AUTO-BW ++- # Channel 14. Only JP enables this and for 802.11b only ++- (2474 - 2494 @ 20), (20), NO-IR, NO-OFDM ++ # Channel 36 - 48 ++ (5170 - 5250 @ 80), (20), AUTO-BW ++ # Channel 52 - 64 ++@@ -945,7 +943,6 @@ country JO: DFS-JP ++ # https://www.soumu.go.jp/main_content/000833682.pdf ++ country JP: DFS-JP ++ (2402 - 2482 @ 40), (20) ++- (2474 - 2494 @ 20), (20), NO-OFDM ++ (4910 - 4990 @ 40), (23) ++ (5170 - 5250 @ 80), (20), AUTO-BW ++ (5250 - 5330 @ 80), (20), DFS, AUTO-BW +-- +2.34.1 + From b982f3f4c2652fbc9cd6ab7920e900d20e0b3d32 Mon Sep 17 00:00:00 2001 From: Marek Kwaczynski Date: Fri, 8 Aug 2025 13:51:19 +0200 Subject: [PATCH 12/21] cloud_discovery: Track and persist discovery method Adds support for recording the method used to discover the cloud controller (e.g. DHCP, FLASH, OpenLAN). The selected method records the current date and time along with the discovery method into "/etc/ucentral/discovery.state.json". The date is stored in epoch format. Fixed: WIFI-14966 Signed-off-by: Marek Kwaczynski --- .../files/usr/bin/cloud_discovery | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery index c3d7f4b1c..efb90c0da 100755 --- a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery +++ b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery @@ -15,9 +15,14 @@ const ONLINE = 2; const OFFLINE = 3; const ORPHAN = 4; +const DISCOVER_DHCP = "DHCP"; +const DISCOVER_FLASH = "FLASH"; +const DISCOVER_LOOKUP = "OpenLAN"; + let ubus = libubus.connect(); let uci = libuci.cursor(); let state = DISCOVER; +let discovery_method = ""; let validate_time; let offline_time; let orphan_time; @@ -78,6 +83,14 @@ function gateway_load() { return readjsonfile('/etc/ucentral/gateway.json'); } +function discovery_state_write() { + let discovery_state = { + "type": discovery_method, + "updated": time() + }; + fs.writefile('/etc/ucentral/discovery.state.json', discovery_state); +} + function gateway_write(data) { let gateway = gateway_load(); gateway ??= {}; @@ -130,6 +143,7 @@ function set_state(set) { if (prev == VALIDATING) { ulog(LOG_INFO, 'Setting cloud controller to validated\n'); gateway_write({ valid: true }); + discovery_state_write(); } break; @@ -227,15 +241,18 @@ function interval_handler() { if (!time_is_valid()) return; + discovery_method = DISCOVER_DHCP; if (discover_dhcp()) return; if (system('/usr/bin/est_client enroll')) return; + discovery_method = DISCOVER_FLASH; if (!discover_flash()) return; + discovery_method = DISCOVER_LOOKUP; redirector_lookup(); break; From b2ba9d7c1bb4295f89a25f3a30fb9659a2c430d6 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Mon, 11 Aug 2025 06:13:02 +0200 Subject: [PATCH 13/21] ucentral-client: update to latest HEAD 549e84e ucentral-client: Add discovery metadata to connect payload Signed-off-by: John Crispin --- feeds/ucentral/ucentral-client/Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/feeds/ucentral/ucentral-client/Makefile b/feeds/ucentral/ucentral-client/Makefile index bcba3a817..187866d77 100644 --- a/feeds/ucentral/ucentral-client/Makefile +++ b/feeds/ucentral/ucentral-client/Makefile @@ -4,10 +4,9 @@ PKG_NAME:=ucentral-client PKG_RELEASE:=1 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-client.git -PKG_MIRROR_HASH:=34c912efa9c0dcdbc6122296e236993484b24b3bc4de51608356304afc8df1c3 PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2025-07-27 -PKG_SOURCE_VERSION:=c536f6957bd96e57301f9d540b75460119d2a69a +PKG_SOURCE_DATE:=2025-08-11 +PKG_SOURCE_VERSION:=549e84e5fea7230c5471d6a3dbddcc7d3152f665 PKG_LICENSE:=BSD-3-Clause PKG_MAINTAINER:=John Crispin From c4b3eeed811aede31f62609161eb3b5afca55f5f Mon Sep 17 00:00:00 2001 From: John Crispin Date: Mon, 11 Aug 2025 06:36:22 +0200 Subject: [PATCH 14/21] est_client: switch to production environment Signed-off-by: John Crispin --- .../cloud_discovery/files/usr/bin/est_client | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/feeds/tip/cloud_discovery/files/usr/bin/est_client b/feeds/tip/cloud_discovery/files/usr/bin/est_client index 61eff4e50..22ba0f726 100755 --- a/feeds/tip/cloud_discovery/files/usr/bin/est_client +++ b/feeds/tip/cloud_discovery/files/usr/bin/est_client @@ -8,9 +8,22 @@ import * as libuci from 'uci'; let store_operational_pem = false; let store_operational_ca = false; -let est_server = 'qaest.certificates.open-lan.org:8001'; +let est_server = 'est.certificates.open-lan.org'; let cert_prefix = 'operational'; +function set_est_server() { + let pipe = fs.popen(`openssl x509 -in /etc/ucentral/cert.pem -noout -issuer`); + let issuer = pipe.read("all"); + pipe.close(); + + if (!match(issuer, /Telecom Infra Project Issuing CA/)) { + ulog(LOG_INFO, 'Certificate type is "Demo" \n'); + est_server = 'qaest.certificates.open-lan.org:8001'; + } else { + ulog(LOG_INFO, 'Certificate type is "TIP"\n'); + } +} + if (getenv('EST_SERVER')) est_server = getenv('EST_SERVER'); @@ -79,6 +92,8 @@ function call_est_server(path, cert, target) { if (generate_csr(cert)) return 1; + set_est_server(); + let ret = system('curl -m 10 -X POST https://' + est_server + '/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7'); if (ret) { ulog(LOG_INFO, 'Failed to request operational certificate\n'); @@ -126,6 +141,9 @@ function load_operational_ca() { ulog(LOG_INFO, 'Operational CA is present\n'); return 0; } + + set_est_server(); + let ret = system('curl -m 10 -X GET https://' + est_server + '/.well-known/est/cacerts --cert /etc/ucentral/' + cert_prefix + '.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/' + cert_prefix + '.ca.nohdr.p7'); if (!ret) ret = p7_too_pem('/tmp/' + cert_prefix + '.ca.nohdr.p7', '/etc/ucentral/' + cert_prefix + '.ca'); From f997f8dff01f9673dcee82d1efe1f9464054e924 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Tue, 12 Aug 2025 19:06:38 +0200 Subject: [PATCH 15/21] tip-defaults: add operational OpenLan root CA Signed-off-by: John Crispin --- feeds/tip/tip-defaults/files/etc/ucentral/insta.pem | 3 +++ 1 file changed, 3 insertions(+) diff --git a/feeds/tip/tip-defaults/files/etc/ucentral/insta.pem b/feeds/tip/tip-defaults/files/etc/ucentral/insta.pem index eeb4bd3a9..1ccf7e427 100644 --- a/feeds/tip/tip-defaults/files/etc/ucentral/insta.pem +++ b/feeds/tip/tip-defaults/files/etc/ucentral/insta.pem @@ -4,3 +4,6 @@ MIIFajCCA1KgAwIBAgICDnowDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3BlbkxBTiBEZW1vIFJv -----BEGIN CERTIFICATE----- MIIFIDCCAwigAwIBAgICDnkwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3BlbkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNMjYwMjIxMTUwMDAwWjAfMR0wGwYDVQQDDBRPcGVuTEFOIERlbW8gUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMjExylKdJWoJu9mOHPJ6yZFXKe1lE467G65acpS2FKIWnPVFjNCmATMpkMOIFzEFwyFdbQjzOidtiL+73zlE52lOJpXCfOcxDFqDYDJJ8//J1/gQWsBaKpSvgLiHU/0awkQg+yJYZpj8YZa4NkFe+zTjQScSfOsqPPb3rZ7DOQ2BKAhjVShKmVbtNil0iO0zm8vE8DNkktTNMREp2pzb8MbCAgfOkwlrby6T+rV3TvmjThGdFUb5lWDFxWtlF8W0SUII9qj7p5TdGpryeLsO0nZTBtS4HxZNdvmKOHfgcRHmSZIJigB2NzKLNrXF9JBW0WnUSwZJZAG2C1RTx6lADILPueuusyfR/hZ3koKi4PHnSiTwQghzia9K9QjNHq5z9R9ZoCnhBg1VyU4LKmp862L0sIp2vgnOYunEIi9aCYBaDwo+0FuVjZuXyDIatwVuA7TN5IWPHA6XLdOt1mmkeYy1Ldr4XHjdondhtOyeei1UFXmyyLm2+kmRYfTm91TqYmNzRgbRV2NHO50AmsnBknX4Rv3gishGe0+dV5yFcUwZud0z2rSCkuoai5tKrPT+6Y6NqkT9u9HFifIBXnLwEzVUqHRtW6SuWj2DClVQIXIUZtFnhY4GuTuf6DlzgnXO58oDVCZmCW4ULIpbqGeRsvBHR8Sw5JXP/1+TMUYhE8TAgMBAAGjZjBkMB8GA1UdIwQYMBaAFDzIg8eyTI3xc4A2R60f8HanhBZDMB0GA1UdDgQWBBQ8yIPHskyN8XOANketH/B2p4QWQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsFAAOCAgEAkHZ5KR8IOrdfMFy+iOvauvZxfQ84LL6TpB2FQKDjneJUdd7c29UJJFNW/0mp4Gc6jKZab6J8Dx/pNnbH0RqFjGjeRGtJ4Sk0G7gf9zw1S7qut5WJDcisM9l/wXC+zy/KSKKPQmbt0grWOtU7+NNPh1YU76hIrInq/u2sVZyKH8SXQ957fbJk6BX6JTKyNEn05AB6rNSrbOWo8sy2MlcJ7bBsrWYI1t6GcWFh4b36bLu7/dKJWpyFNXXIkKJsgMEDpEQae56+fSSDo0KRNtYB82fNZDIQlGK81rGJWNzAahM+3GD1tgk/3ZVugfaJhcBpoHHKNOGqZAvtirLAIDocno7AzqoeIz974Rh2Olsl2/arApYPyyfi8PMYuFe/d4h+Wie8n+jh5n48lZ2Ve4PK+j+QHD6tTZS4f0bGnPL1puMxzQloltuQWgLDeVfEgrc3snLvjOg8aDzWm/es85lP8XcyW54U4t3JmrNUC2C7v+Uafx7cL7eDeunhs+BRhtGV+IUmjub2IrpqZp3zZqn+LVRdYJIy/qHhjS5+ImckXkFojOmeWhfmEmYSuNP8Oa6cGuXp829qnbxLh9Qzi3TfXV883KLse4kL5Zl7gBA/4hz2hVMyGJ8fY+VvzbaTuOXyvKJ+rGZCTcRSeotBLnIevVMiL7SqOEwN0j4Mfbznfq8= -----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgICAxIwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3BlbkxBTiBSb290IENBMCAXDTI1MDUxNDA4NDcxMFoYDzIwNTUwNTE0MDg0NzEwWjAaMRgwFgYDVQQDDA9PcGVuTEFOIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGibJ04A55kSURTBSKgcBmLnND2I5wws1taKqqU9aaRhB7NtvMHwh2voH9b1brUiulZaZwTN/9kzd4AnXeKQ+0u5tV7Ofk0fzF2MK47n17TS30Yenqc4NuQEKdpKK/pM3VvOEppR/bqtgyLtDmbDnmFOx+zTj/+smTgouwA+Iier0P4s5OohYxn/bjOqwQbHbU79VpGBIWv6/kt55AhH7zvsqqKHkrzTxnsRBv3SBIufrjJr9PIhZBLDrqr56P6KgAi0eoutNt2ToiJbE0WfjU7GI1RSiSN5bGj1zXhjNVzQWs1H9QzRf3c9pl3+haHQZ7FZ1UqiTRewmbNrQ6I9k81au3SttUlb87MyAuDSzatkiq7CjQ8VE1J6te6ZBt2zWpUhHsR/Lg7g3eOw5dL4oZJdK5GgGu/MUajLUXifIqM13Mvg0VTzDhN69VLXLSL0gPcicsQCwJuAza1IC/VqmBGx19fAkyJhOurCXWOgisi0g1+xzPKRphUNwMPUf8vBVOM/Vc6xDIvwVGE3+eWXyhixneFlSpAI03nWWjpwWXihTBoxbfRXO3Y/ilJqrgFN+U4PJcCPA+Wo7ThH0mgX6bOTPcgXMUzT3v3FF6Bx5/PNV3kYrw2yLzribUiS6AGvVGnW4hX2Z6OQvA/aHME8KF+6y6m4pC7FkUjVaRlzWu/wIDAQABo2MwYTAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQUlGhbqDj5OECwcmT+O5I+KdSGwiYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAB+/RUC2X6eVoPsFNMkaXO5Iib/ub0JoWhODQm8j2Mr5dpGXESSpXjfDcqDOLuJbWWoflXBLdr8BsVCBqOA9YgCX0H8Br7dUWmCScixxLW0he592/424EvdwifxcKHZLjv9CKV5Txhqnm2djc5RY/nTH5MYVrIh/If2TNO5ydDP6+vgy9GQ4en04VK7rz+PW17O8l7k9/lOmYptZmHgSDAPj/cT3PlG+McqaI5rMSHeEHlzH+PvgWjtSeEhF4FwFBXroDl4/yb4l2JB8bqAZ3vsOXSkigFcZh5MXPe+zuSSW+G8iLr4xoi0CFsP2DaHEyxgqP4B1FtE9nFPo6cvWbwqTVT7QSzqfH+jPJuQvpFXeRF5UFegNZTFT5/uFFPamihakFslEYxeJey1y+OJdLcP6ef87ruSt8amsq56OAETYpnW4JFowlEh0C+QwLGHGGY6WrOgHY/90hJmPgXBdBVg/IoOhzbvk5A+LqZDvxV2/rLNfClw8Kr3g5e8obcB6dWgMCy2z+us0H79ucnmhzQKsjpxM9T1ncHovAQfiD3jVqfHULY53avh0wIAjosoTGbe8dyx80quHe+16qWan7C9idXeAYYJXbZt5hs6hLw4I8M1LsjTg6vwsqiaHZpsmDyyQLdFjNJldG7aosfS9F+BIpuwijF+1dashL0CPsbIJ +-----END CERTIFICATE----- From 7b6fc736f66f091bae69e1f4b3367cf235095051 Mon Sep 17 00:00:00 2001 From: Paul White Date: Mon, 4 Aug 2025 04:17:27 +0000 Subject: [PATCH 16/21] base-files: boot: add sync after uci-defaults A scenario was seen where UCI config was not flushed to disk before an AP power-cycle after uci-defaults was completed. Since these scripts are deleted after being ran once, there is no way to recover without a factory reset. Adding this sync operation proved to help avoid this situation from happening Signed-off-by: Paul White --- ...les-boot-add-sync-after-uci-defaults.patch | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 patches/0096-base-files-boot-add-sync-after-uci-defaults.patch diff --git a/patches/0096-base-files-boot-add-sync-after-uci-defaults.patch b/patches/0096-base-files-boot-add-sync-after-uci-defaults.patch new file mode 100644 index 000000000..84d766b61 --- /dev/null +++ b/patches/0096-base-files-boot-add-sync-after-uci-defaults.patch @@ -0,0 +1,33 @@ +From 309a419087da906a2f3b0f39763f021e9729dd85 Mon Sep 17 00:00:00 2001 +From: Paul White +Date: Mon, 4 Aug 2025 04:14:23 +0000 +Subject: [PATCH] base-files: boot: add sync after uci-defaults + +A scenario was seen where UCI config was not flushed to disk before +an AP power-cycle after uci-defaults was completed. Since these +scripts are deleted after being ran once, there is no way to recover +without a factory reset. + +Adding this sync operation proved to help avoid this situation from +happening + +Signed-off-by: Paul White +--- + package/base-files/files/etc/init.d/boot | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/package/base-files/files/etc/init.d/boot b/package/base-files/files/etc/init.d/boot +index 15756669a9..c8a803e32c 100755 +--- a/package/base-files/files/etc/init.d/boot ++++ b/package/base-files/files/etc/init.d/boot +@@ -15,6 +15,7 @@ uci_apply_defaults() { + ( . "./$(basename $file)" ) && rm -f "$file" + done + uci commit ++ sync + } + + boot() { +-- +2.43.0 + From cd78a832e3856d0cae4c87ced4c1ef5f699623e3 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Wed, 13 Aug 2025 14:35:42 +0200 Subject: [PATCH 17/21] cloud_discovery: use production CDS for migration path Signed-off-by: John Crispin --- .../files/usr/bin/cloud_discovery | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery index efb90c0da..3a2dd242a 100755 --- a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery +++ b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery @@ -42,6 +42,21 @@ ulog(LOG_INFO, 'Start\n'); uloop.init(); +let cds_server = 'discovery.open-lan.org'; + +function set_cds_server() { + let pipe = fs.popen(`openssl x509 -in /etc/ucentral/cert.pem -noout -issuer`); + let issuer = pipe.read("all"); + pipe.close(); + + if (!match(issuer, /Telecom Infra Project Issuing CA/)) { + ulog(LOG_INFO, 'Certificate type is "Demo" \n'); + est_server = 'openlan.keys.tip.build'; + } else { + ulog(LOG_INFO, 'Certificate type is "TIP"\n'); + } +} + function readjsonfile(path) { let file = fs.readfile(path); if (file) @@ -178,7 +193,7 @@ function redirector_lookup() { let serial = uci.get('system', '@system[-1]', 'mac'); fs.unlink(path); - system(`curl -k --cert /etc/ucentral/operational.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/operational.ca https://openlan.keys.tip.build/v1/devices/${serial} --output /tmp/ucentral.redirector`); + system(`curl -k --cert /etc/ucentral/operational.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/operational.ca https://${cds_server}/v1/devices/${serial} --output /tmp/ucentral.redirector`); if (!fs.stat(path)) return; let redir = readjsonfile(path); @@ -369,6 +384,8 @@ function expiry_handler() { system('/etc/init.d/ucentral restart'); } +set_cds_server(); + if (gateway_available()) { let status = ubus.call('ucentral', 'status'); ulog(LOG_INFO, 'cloud is known\n'); From f4a58c098954317a9e9030a80c081174f96c4076 Mon Sep 17 00:00:00 2001 From: Paul White Date: Wed, 13 Aug 2025 14:39:38 +0200 Subject: [PATCH 18/21] qca-ssdk: Move MIB loop cnt variable to handle The MIB loop cnt variable was defined as a static variable in the function that implements the loop, however this function can be called for more than one switch on some platforms. This results in a race condition that leads to memory corruption and kernel crashes. The fix moves the loop cnt variable to the passed in switch handle, this way there is one per switch chip. Thix fix was identified by looking at newer versions of the qca-ssdk software package from QCA. Signed-off-by: Paul White --- .../500-define-mib-loop-cnt-to-gobal.patch | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 feeds/ipq807x_v5.4/qca-ssdk/patches/500-define-mib-loop-cnt-to-gobal.patch diff --git a/feeds/ipq807x_v5.4/qca-ssdk/patches/500-define-mib-loop-cnt-to-gobal.patch b/feeds/ipq807x_v5.4/qca-ssdk/patches/500-define-mib-loop-cnt-to-gobal.patch new file mode 100644 index 000000000..e0a2bd9c4 --- /dev/null +++ b/feeds/ipq807x_v5.4/qca-ssdk/patches/500-define-mib-loop-cnt-to-gobal.patch @@ -0,0 +1,61 @@ +--- a/include/init/ssdk_plat.h ++++ b/include/init/ssdk_plat.h +@@ -330,6 +330,7 @@ struct qca_phy_priv { + struct mii_bus *miibus; + /*qca808x_end*/ + u64 *mib_counters; ++ a_uint32_t mib_loop_cnt; + /* dump buf */ + a_uint8_t buf[2048]; + a_uint32_t link_polling_required; +--- a/src/ref/ref_mib.c ++++ b/src/ref/ref_mib.c +@@ -479,39 +479,37 @@ qca_ar8327_sw_get_port_mib(struct switch + #endif + + int +-_qca_ar8327_sw_capture_port_tx_counter(struct qca_phy_priv *priv, int port) ++_qca_ar8327_sw_capture_port_tx_counter(a_uint32_t dev_id, int port) + { + fal_mib_info_t mib_Info; + + memset(&mib_Info, 0, sizeof(fal_mib_info_t)); +- fal_get_tx_mib_info(priv->device_id, port, &mib_Info); ++ fal_get_tx_mib_info(dev_id, port, &mib_Info); + + return 0; + } + + int +-_qca_ar8327_sw_capture_port_rx_counter(struct qca_phy_priv *priv, int port) ++_qca_ar8327_sw_capture_port_rx_counter(a_uint32_t dev_id, int port) + { + fal_mib_info_t mib_Info; + + memset(&mib_Info, 0, sizeof(fal_mib_info_t)); +- fal_get_rx_mib_info(priv->device_id, port, &mib_Info); ++ fal_get_rx_mib_info(dev_id, port, &mib_Info); + return 0; + } + + void + qca_ar8327_sw_mib_task(struct qca_phy_priv *priv) + { +- static int loop = 0; +- + mutex_lock(&priv->reg_mutex); +- if ((loop % 2) == 0) +- _qca_ar8327_sw_capture_port_rx_counter(priv, loop/2); ++ if ((priv->mib_loop_cnt % 2) == 0) ++ _qca_ar8327_sw_capture_port_rx_counter(priv->device_id, priv->mib_loop_cnt/2); + else +- _qca_ar8327_sw_capture_port_tx_counter(priv, loop/2); ++ _qca_ar8327_sw_capture_port_tx_counter(priv->device_id, priv->mib_loop_cnt/2); + +- if(++loop == (2 * (priv->ports))) { +- loop = 0; ++ if(++priv->mib_loop_cnt == (2 * (priv->ports))) { ++ priv->mib_loop_cnt = 0; + } + + mutex_unlock(&priv->reg_mutex); From c7f9061eeeae356d5a11374780204b3e07a9d1cb Mon Sep 17 00:00:00 2001 From: Tanya Singh Date: Thu, 14 Aug 2025 11:06:54 +0800 Subject: [PATCH 19/21] cloud_discovery: Fix typo in cloud_discovery script Signed-off-by: Tanya Singh --- feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery index 3a2dd242a..85b411c71 100755 --- a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery +++ b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery @@ -51,7 +51,7 @@ function set_cds_server() { if (!match(issuer, /Telecom Infra Project Issuing CA/)) { ulog(LOG_INFO, 'Certificate type is "Demo" \n'); - est_server = 'openlan.keys.tip.build'; + cds_server = 'openlan.keys.tip.build'; } else { ulog(LOG_INFO, 'Certificate type is "TIP"\n'); } From 0735fd8c9a80186938c77055df9c355bc3be71ea Mon Sep 17 00:00:00 2001 From: John Crispin Date: Thu, 14 Aug 2025 10:31:04 +0200 Subject: [PATCH 20/21] elfutils: fix build with GCC11 Signed-off-by: John Crispin --- .../0099-elfutils-fix-build-with-GCC11.patch | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 patches/0099-elfutils-fix-build-with-GCC11.patch diff --git a/patches/0099-elfutils-fix-build-with-GCC11.patch b/patches/0099-elfutils-fix-build-with-GCC11.patch new file mode 100644 index 000000000..4e3433d4c --- /dev/null +++ b/patches/0099-elfutils-fix-build-with-GCC11.patch @@ -0,0 +1,26 @@ +From b82a8514a3f52b91ec84f703ef92740dda19d5d9 Mon Sep 17 00:00:00 2001 +From: John Crispin +Date: Thu, 14 Aug 2025 10:29:29 +0200 +Subject: [PATCH] elfutils: fix build with GCC11 + +Signed-off-by: John Crispin +--- + package/libs/elfutils/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/package/libs/elfutils/Makefile b/package/libs/elfutils/Makefile +index f7364c36be..76112c89ff 100644 +--- a/package/libs/elfutils/Makefile ++++ b/package/libs/elfutils/Makefile +@@ -87,7 +87,7 @@ TARGET_CFLAGS += \ + -Wno-unused-result \ + -Wno-format-nonliteral + +-ifneq ($(CONFIG_GCC_USE_VERSION_11),y) ++ifneq ($(CONFIG_GCC_VERSION_11),y) + TARGET_CFLAGS += \ + -Wno-error=use-after-free + endif +-- +2.34.1 + From 143d4e3b589ac9d0aab6eced2e8ca03c67be35ca Mon Sep 17 00:00:00 2001 From: John Crispin Date: Thu, 14 Aug 2025 11:44:04 +0200 Subject: [PATCH 21/21] cloud_discovery: make the reenrollment process more robust Signed-off-by: John Crispin --- .../files/usr/bin/cloud_discovery | 61 ++++++++++++------- 1 file changed, 39 insertions(+), 22 deletions(-) diff --git a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery index 85b411c71..27dda32da 100755 --- a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery +++ b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery @@ -119,9 +119,10 @@ function gateway_write(data) { if (new[key] != gateway[key]) changed = true; } - if (changed) + if (changed) { fs.writefile('/etc/ucentral/gateway.json', new); system('sync'); + } return changed; } @@ -287,6 +288,36 @@ function interval_handler() { } } +function trigger_reenroll() { + ulog(LOG_INFO, 'triggering reenroll\n'); + + if (system('/usr/bin/est_client reenroll')) { + ulog(LOG_INFO, 'reenroll failed\n'); + return; + } + + ulog(LOG_INFO, 'reenroll succeeded\n'); + ulog(LOG_INFO, 'stopping client\n'); + + system('/etc/init.d/ucentral stop'); + set_state(DISCOVER); +} + +function expiry_handler() { + let stat = fs.stat('/etc/ucentral/operational.ca'); + if (!stat) + return; + + let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`); + if (!ret) { + ulog(LOG_INFO, 'checked certificate expiry - all ok\n'); + return; + } + + ulog(LOG_INFO, 'certificate will expire soon\n'); + trigger_reenroll(); +} + let ubus_methods = { discover: { call: function(req) { @@ -361,29 +392,15 @@ let ubus_methods = { }, args: {}, }, + reenroll: { + call: function(req) { + trigger_reenroll(); + return 0; + }, + args: {}, + }, }; -function expiry_handler() { - let stat = fs.stat('/etc/ucentral/operational.ca'); - if (!stat) - return; - - let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`); - if (!ret) { - ulog(LOG_INFO, 'checked certificate expiry - all ok\n'); - return; - } - - ulog(LOG_INFO, 'certificate will expire soon\n'); - if (system('/usr/bin/est_client reenroll')) { - ulog(LOG_INFO, 'reenroll failed\n'); - return; - } - ulog(LOG_INFO, 'reenroll succeeded\n'); - ulog(LOG_INFO, '(re)starting client\n'); - system('/etc/init.d/ucentral restart'); -} - set_cds_server(); if (gateway_available()) {