Description:
The num_peers counter does not always update at the exact moment a peer is deleted.
Since deletion and decrement are not fully atomic, there are scenarios where
num_peers can drift out of sync with the actual number of peers.
Fix:
A complete rewrite of the num_peers update logic—ensuring fully correct
increment/decrement handling during peer insertion and deletion—would require
significant effort and QA validation. As an immediate and effective solution,
this patch synchronizes num_peers with the actual peer count whenever a mismatch
is detected.
Fixes WIFI-14998 and indirectly resolves WIFI-15202.
Signed-off-by: Venkat Chimata <venkat@nearhop.com>
In the DP RX path, fast_rx is set to true by default.
Currently, if peer lookup fails in ath11k_dp_rx_h_mpdu(), the SKB is not sent
to the network stack or mac80211 because fast_rx remains true. This results
in a memory leak.
Fix this by setting fast_rx = false when peer lookup fails in
ath11k_dp_rx_h_mpdu(), ensuring the SKB is properly delivered to mac80211
via ath11k_dp_rx_deliver_msdu().
Fixes: WIFI-15202
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
The num_peers counter becomes corrupted during peer deletion due to race
conditions between ath11k_peer_delete() and ath11k_peer_unmap_event().
The firmware may or may not send unmap events, and the timing varies,
causing the counter to either leak (increment without decrement) or
underflow (double decrement).
Root causes:
1. ath11k_peer_delete() doesn't decrement num_peers, relying on
ath11k_peer_unmap_event() to do it
2. Firmware sometimes doesn't send unmap events, leaving num_peers
inflated
3. When unmap events do arrive, timing races with ath11k_peer_delete()
can cause missed decrements
4. Cleanup paths may double-decrement if delete_in_progress not checked
5. num_peers modified outside proper locking in some paths
This fix:
- Moves num_peers decrement into ath11k_peer_delete() after successful
peer deletion wait, ensuring exactly one decrement per deletion
- Handles both cases: peer removed by unmap event, or peer still in list
- Removes num_peers decrement from ath11k_peer_unmap_event() to prevent
double-decrement when unmap event arrives
- Adds ath11k_dp_peer_cleanup() call before ath11k_peer_delete() in
roaming path to ensure datapath structures properly cleaned up
- Adds delete_in_progress checks in cleanup paths to prevent
double-delete
- Ensures all num_peers modifications happen under base_lock
- Adds comprehensive debug logging to track num_peers throughout peer
lifecycle
Signed-off-by: Arif Alam <arif.alam@netexperience.com>
Signed-off-by: John Crispin <john@phrozen.org>
1. When a connected client roams to another AP, the AP is trying to delete the peer
but for some reason the WMI command times out and while driver is waiting for
the response, we observed that the AP doesn't respond to any frames from STA
(probe requests, authentication etc) and once the response times out (3 seconds default)
then AP starts responding to the older requests but client has already connected to
another AP. As the root cause for the response timing out is in the FW, we added
a WAR to reduce the timeout to minimize this blind period, with this AP responds
after 100ms and client connects successfully. And 100ms timeout is also reasonable
for this internal operation.
2. In case of peer deletion timeout, the driver peer database is not cleared, so,
if this happens often (which it is) then eventually we hit the max peers in the
driver and all subsequent operations fail, so, in case of timeout ignore the failure
and proceed with driver peer database cleanup.
Signed-off-by: Venkat Chimata <venkat@nearhop.com>
Add bind-dig package dependency required for CAA record lookups
in est_client, which uses the dig command to query DNS for EST
server discovery.
Signed-off-by: John Crispin <john@phrozen.org>
Change standard FQDN from 'openwifi.network' to 'openwifi.wlan.local'
to prevent DNS hijacking attacks. The .local TLD is reserved for local
network use (mDNS) and cannot be registered in public DNS, ensuring
that discovery traffic cannot be redirected to attacker-controlled
infrastructure.
Signed-off-by: John Crispin <john@phrozen.org>
Move EST client enrollment to occur immediately after successful DHCP
discovery and before starting the ucentral client. This ensures
controller-specific certificates are enrolled before attempting to
connect. If EST enrollment fails during DHCP discovery, the client
will not be started.
Adjust interval_handler to call EST enrollment after DHCP discovery
attempt rather than before, ensuring proper certificate handling for
DHCP-discovered controllers.
Signed-off-by: John Crispin <john@phrozen.org>
Replace resolv module usage with dig command for CAA record lookups
to simplify DNS query handling. Reorganise cert_prefix_determine() to
prioritise controller-specific FQDN from cloud.json before checking
discovery method.
Add extensive debug logging throughout to aid troubleshooting of EST
enrollment process, including curl commands and exit codes.
Signed-off-by: John Crispin <john@phrozen.org>
The air-gapped EST server uses a certificate signed by the OpenLAN
Server Issuing CA. This certificate is used to ensure mTLS
authentication when the device connects to the EST server.
Signed-off-by: John Crispin <john@phrozen.org>
Add dnsmasq_rebind_allow() function to automatically whitelist controller
FQDNs for private IP resolution in air-gapped deployments.
When dnsmasq's boguspriv option is enabled (default), it blocks DNS
responses containing private IP addresses (RFC 1918) as a security
measure. This prevents DHCP Option 224 from resolving controller FQDNs
to local private IPs in air-gapped networks.
Solution: Inject rebind-domain-ok directives into /tmp/dnsmasq.d/
directory, which dnsmasq automatically includes via --conf-dir option.
Behaviour:
- DHCP discovery: Whitelist FQDN from dhcp_server field
- Standard FQDN discovery: Whitelist openwifi.network
- Centralized discovery: No changes (public IPs not affected)
This maintains security by only allowing specific controller domains
to resolve to private IPs whilst filtering all other RFC 1918 responses.
Signed-off-by: John Crispin <john@phrozen.org>
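An added illustration of the drop-in approach described in the commit message above, not the project's dnsmasq_rebind_allow() code; the function names, method labels and file name are assumptions. It validates the DHCP-supplied name before writing it, because a value containing `/` or a newline would widen the exception or inject further dnsmasq directives.

```shell
#!/bin/sh
# Added example: write a rebind-domain-ok drop-in for exactly one controller FQDN.
# Assumptions (not from the project): is_fqdn, rebind_allow, the method labels
# "dhcp" / "standard-fqdn", and the file name ucentral-rebind.conf.

CONF_DIR=${CONF_DIR:-/tmp/dnsmasq.d}   # directory named in the commit message

# is_fqdn NAME -> status 0 only for a plain multi-label DNS name.
is_fqdn() {
    case $1 in
        # empty, leading/trailing dot or hyphen, empty label, or any character
        # outside letters/digits/dot/hyphen (this also rejects '/', '=', newline)
        ''|.*|*.|*..*|-*|*-|*.-*|*-.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    # require at least two labels so a bare TLD is never exempted
    case $1 in
        *.*) ;;
        *) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# rebind_allow METHOD FQDN [DIR]
# Writes DIR/ucentral-rebind.conf for air-gapped discovery methods only.
rebind_allow() {
    method=$1; fqdn=$2; dir=${3:-$CONF_DIR}
    conf="$dir/ucentral-rebind.conf"

    # Drop any exception left over from an earlier discovery cycle first,
    # so a rejected or centralized result never keeps a stale exemption.
    rm -f "$conf"

    case $method in
        dhcp|standard-fqdn) ;;   # controller may resolve to RFC 1918 space
        *) return 0 ;;           # centralized discovery: no exception needed
    esac

    if ! is_fqdn "$fqdn"; then
        echo "rebind_allow: refusing malformed controller name" >&2
        return 1
    fi

    mkdir -p "$dir" || return 1
    printf 'rebind-domain-ok=/%s/\n' "$fqdn" > "$conf"
}
```

dnsmasq reads the directory at start-up, so the service has to be restarted after the file changes.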
Add cert_prefix_determine() function that reads discovery method from
/tmp/discovery.method and determines appropriate certificate naming:
- Centralized (OpenLAN redirector): operational.pem/operational.ca
- Air-gapped (DHCP/FQDN/Flash): <controller-fqdn>.pem/<controller-fqdn>.ca
The FQDN is extracted from the controller address in /tmp/cloud.json
(DHCP Option 224).
This enables APs to enrol and store separate operational certificates
for multiple controllers, supporting portability between centralized
and air-gapped deployments without certificate conflicts.
Signed-off-by: John Crispin <john@phrozen.org>
Extend gateway.json to include cert and ca fields specifying which
certificate files the client should use for the connection.
Certificate naming strategy:
- Centralized (redirector discovery): operational.pem/operational.ca
- Air-gapped (DHCP/FQDN/Flash): <fqdn>.pem/<fqdn>.ca
Write discovery method to /tmp/discovery.method so est_client can
determine appropriate certificate naming when enrolling.
This enables APs to maintain separate operational certificates for
multiple controllers and automatically select the correct certificates
based on which controller they're connecting to.
Signed-off-by: John Crispin <john@phrozen.org>
Modify early_boot init script to copy all .pem and .ca files from
/certificates/ to /etc/ucentral/ instead of only operational.pem
and operational.ca.
This enables support for multiple trust chains where certificates
are stored with FQDN-based names (e.g., controller.example.com.pem)
alongside the traditional operational.pem.
The simple wildcard copy allows air-gapped deployments to maintain
certificates for multiple controllers without complex logic.
Signed-off-by: John Crispin <john@phrozen.org>
Add discovery method that attempts to resolve a standard FQDN when DHCP
discovery fails. This enables zero-touch provisioning in environments
where administrators configure DNS without modifying DHCP infrastructure.
The standard FQDN is configurable via STANDARD_FQDN constant (defaults
to "openwifi.network"). Administrators can configure their local DNS to
resolve this FQDN to their controller, allowing APs to discover the
controller automatically.
Discovery priority order:
1. EST enrollment (blocking)
2. DHCP discovery (Option 224/138)
3. Flash-based configuration
4. Standard FQDN resolution (NEW)
5. Cloud redirector service (internet-connected only)
The implementation uses the resolv module for DNS queries, performing
A record lookups. If resolution fails, discovery continues to the next
method. The standard FQDN method integrates with the existing discovery
block list mechanism to prevent repeated failed attempts.
Note: The boguspriv dnsmasq option may prevent FQDNs from resolving to
private IPs. Administrators should either use CG NAT Safe IP addresses
(100.64.0.0/10) or configure dnsmasq with rebind-domain-ok exceptions.
Signed-off-by: John Crispin <john@phrozen.org>
Implement EST server discovery via CAA DNS records for air-gapped
deployments. When DHCP Option 224 provides a controller FQDN, query
CAA records to determine the appropriate EST server endpoint.
The discovery flow:
1. Read controller FQDN from /tmp/cloud.json (set by DHCP handler)
2. Query CAA records for the controller domain
3. Use EST server from CAA 'issue' tag if present
4. Fall back to certificate issuer-based selection if CAA lookup fails
This allows network administrators to configure local EST servers via
DNS rather than relying on hardcoded public endpoints. Air-gapped
deployments can now specify private EST servers through standard DNS
infrastructure.
Example DNS configuration:
controller.local. IN CAA 0 issue "est.local:8001"
When an AP receives controller.local via DHCP Option 224, it will
query CAA records and use est.local:8001 for certificate enrollment
instead of the public est.certificates.open-lan.org endpoint.
Signed-off-by: John Crispin <john@phrozen.org>
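An added sketch of steps 2 to 4 of the flow in the commit message above, not the project's est_client code: it parses `dig +short CAA` style output from stdin and treats the record as untrusted input. The function names are assumptions, and the issuer-based fallback is reduced to a single fallback argument.

```shell
#!/bin/sh
# Added example: choose an EST endpoint from `dig +short CAA <fqdn>` output.
# Assumptions (not from the project): valid_endpoint, est_from_caa,
# sample_dig_output, and passing the fallback endpoint as an argument.

DEFAULT_EST="est.certificates.open-lan.org"   # public endpoint named in the commit message

# valid_endpoint HOST[:PORT] -> status 0 for a plain hostname with optional port.
valid_endpoint() {
    ep=$1
    host=${ep%%:*}
    case $host in
        ''|-*|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ ${#host} -le 253 ] || return 1
    case $ep in
        *:*)
            port=${ep#*:}
            case $port in ''|*[!0-9]*) return 1 ;; esac   # digits only
            [ ${#port} -le 5 ] || return 1
            [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
            ;;
    esac
    return 0
}

# est_from_caa [FALLBACK] < dig-output
# Each input line has the form:  <flags> <tag> "<value>"
# Prints the first well-formed 'issue' value, otherwise FALLBACK.
est_from_caa() {
    fallback=${1:-$DEFAULT_EST}
    while read -r flags tag value; do
        [ "$tag" = "issue" ] || continue            # ignore issuewild, iodef, ...
        case $flags in ''|*[!0-9]*) continue ;; esac
        value=${value#\"}                           # strip the surrounding quotes
        value=${value%\"}
        value=${value%%;*}                          # drop any ";param=value" suffix
        if valid_endpoint "$value"; then
            printf '%s\n' "$value"
            return 0
        fi
        echo "est_from_caa: ignoring malformed CAA issue value" >&2
    done
    printf '%s\n' "$fallback"
}

# Constructed sample matching the DNS record shown in the commit message.
sample_dig_output() {
    printf '%s\n' '0 issue "est.local:8001"'
}

sample_dig_output | est_from_caa
```

A malformed or missing record falls through to the fallback rather than reaching the enrollment command line, which matters because the answer comes from whatever resolver DHCP handed out.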
Add missing ';;' after edgecore,eap111/eap112 LED configuration to
prevent fall-through to subsequent case statements.
Signed-off-by: John Crispin <john@phrozen.org>
Allow configuring small values of duration time for passive
scanning in software scan.
Fixes: WIFI-14822
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
**SPECIFICATIONS:**
SOC: Qualcomm IPQ6018 (64-bit quad-core ARM Cortex-A53 @ 1.8GHz)
Flash: SPI NOR 8MB + NAND 128MB
Memory: 1GB
2.4GHz Frequency Band: 2.4GHz ~ 2.484GHz (802.11 b/g/n/ax)
5GHz Frequency Band: 5.150GHz~5.850GHz (802.11 a/n/ac/ax)
Wireless Speed: 2.4GHz: 574Mbps, 5GHz: 1201Mbps
**BACKUP YOUR STOCK FIRMWARE:**
- Put openwrt-*-initramfs-kernel.bin to your TFTP server and rename it to initramfs.bin
- Enable serial console and enter to u-boot cli and exec these commands:
```
tftpboot <your_tftp_server_ip>:initramfs.bin
bootm
```
- Once boot completed and you get the openwrt shell execute below commands:
```
device=<device_name>
mkdir -p /tmp/fw_backup; cd /tmp/fw_backup
rootfs=$(cat /proc/mtd | grep \"rootfs\" | cut -d: -f1)
rootfs_1=$(cat /proc/mtd | grep \"rootfs_1\" | cut -d: -f1)
dd if=/dev/${rootfs} of=rootfs_${rootfs} bs=1M
dd if=/dev/${rootfs_1} of=rootfs_1_${rootfs_1} bs=1M
cp /sys/firmware/fdt fdt.dtb
md5sum * > md5sum
tar -cvzf /tmp/${device}.tar.gz .
sum=$(md5sum /tmp/${device}.tar.gz | cut -d' ' -f1)
mv /tmp/${device}.tar.gz /tmp/${device}_${sum}.tar.gz
echo "stock fw backup saved to: /tmp/${device}_${sum}.tar.gz"
```
- Upload/save your backup to a safe place.
**STOCK FIRMWARE RECOVERY:**
- Boot initramfs image
- Upload your backed-up stock fw tarball to the device
using scp or download it from the device using wget.
- Enter device ssh cli or tty and exec:
```
cd /tmp && wget <your_web_server_ip>/${stock_fw_backup}.tar.gz
tar -xpzf ${stock_fw_backup}.tar.gz
rootfs=$(cat /proc/mtd | grep \"rootfs\" | cut -d: -f1)
rootfs_1=$(cat /proc/mtd | grep \"rootfs_1\" | cut -d: -f1)
ubiformat /dev/${rootfs} -y -f /tmp/rootfs_${rootfs}
ubiformat /dev/${rootfs_1} -y -f /tmp/rootfs_1_${rootfs_1}
reboot
```
**INSTALLATION:**
1. initramfs method
- Put openwrt-*-initramfs-kernel.bin to your TFTP server and rename it to initramfs.bin
- Enable serial console and enter to u-boot cli and exec these commands:
```
tftpboot <your_tftp_server_ip>:initramfs.bin
bootm
```
- Once boot completed and you get the openwrt shell execute below commands:
```
cd /tmp && wget <your_web_server_ip>/factory.ubi
# match the quoted partition names so "rootfs" does not also match "rootfs_1"
export rootfs=$(cat /proc/mtd | grep \"rootfs\" | cut -d: -f1)
export rootfs_1=$(cat /proc/mtd | grep \"rootfs_1\" | cut -d: -f1)
ubiformat /dev/${rootfs} -y -f factory.ubi
ubiformat /dev/${rootfs_1} -y -f factory.ubi
reboot
```
2. u-boot nand-factory.bin image method
- Put openwrt-*-squashfs-nand-factory.bin to your TFTP server and enter u-boot cli and exec these commands:
```
tftpboot <your_tftp_server_ip>:factory.bin
#After downloading is finished:
imxtract 0x44000000 ubi
flash rootfs
flash rootfs_1
reset
```
Signed-off-by: Shubham Vishwakarma <shubhamvis98@fossfrog.in>
During 802.11r Fast Transition roaming, when a client moves between
APs (e.g., wlan0 to wlan1) with the same dynamic VLAN assignment, the
vlan_add handler's refcount mechanism prevented the new WiFi interface
from being added to the bridge.
When wlan0-v100 and wlan1-v100 exist simultaneously with VLAN ID 100,
the refcount becomes 2, causing vlan_add to exit early for wlan1-v100.
This left wlan1-v100 out of the bridge VLAN table, breaking connectivity
after roaming despite correct VLAN assignment via RADIUS and RRB frames.
Fix by detecting WiFi VLAN interfaces (wlan*-v*) and always adding them
to the bridge regardless of refcount. The refcount mechanism now only
controls WAN port VLAN configuration, which should only occur once per
VLAN ID.
Also reorganise vlan_add/vlan_remove to check swconfig early for clarity.
Signed-off-by: John Crispin <john@phrozen.org>
Enable CONFIG_LEDS_TRIGGER_HEARTBEAT to allow LED heartbeat
functionality when device goes offline. Without this kernel option,
the LED trigger mechanism was unavailable, preventing the LED from
flashing to indicate offline status.
Fixes: WIFI-14646
Signed-off-by: John Crispin <john@phrozen.org>
When a station roams between bands on the same VLAN, the vlan_remove
event from the old band can arrive after the vlan_add event from the
new band, causing the VLAN to be incorrectly deleted whilst still in use.
Add reference counting that tracks how many interfaces are using each
VLAN ID. Only create VLAN devices on the first reference and only
remove them when the last reference is dropped.
On startup, initialise refcounts from current station state to handle
daemon restarts correctly.
Signed-off-by: John Crispin <john@phrozen.org>
676e155 dhcp_inject: fix a syntax issue in dhcp_inject
e594c44 captive.uam.mac-auth: the default was wrong
Signed-off-by: John Crispin <john@phrozen.org>
LAN switch exposes single eth1 instead of per-port interfaces for RAP750W-311A.
Using VLAN to separate LAN to each physical port for RAP750W-311A.
Fixes: WIFI-15163
Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>
make openwrt/profiles relative so moving or renaming the repo directory won't break the symlink
Signed-off-by: Shubham Vishwakarma <shubhamvis98@fossfrog.in>
Changelog:
- Fix MAC address assignment for Ethernet ports
- Fix Ethernet port configuration (was not working in the current DTS
because GPIOs 23 and 24, used for LEDs, are RGMII2 pins)
- Add package kmod-7915-firmware to enable Wi-Fi
Signed-off-by: Shubham Vishwakarma <shubhamvis98@fossfrog.in>
Set max_ap_assoc at wiphy init instead of vif init for mt7915.
Hard code max_ap_assoc to 128 for EAP112 in wifi_max_user.uc
Fixes WIFI-15027
Signed-off-by: Arif Alam <arif.alam@netexperience.com>
100c045 Fix cloud cannot show association list when WDS-AP in state.uc
168f6a4 dhcp_inject: Support multiple upstream
Signed-off-by: John Crispin <john@phrozen.org>
Introduce a blocklist mechanism to avoid retrying failed discovery
methods within the same discovery cycle. Each time a method fails
validation, it is added to the blacklist. The blacklist is cleared
once the device transitions to ONLINE or after all discovery methods
have been attempted.
This prevents repeated attempts of failing methods and ensures the
discovery process progresses more reliably.
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
In cases where gateway.json exists, the discovery method may be unset.
Writing an empty value to discovery.state.json is not useful, so
avoid updating the file in this case.
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
Always obtain EST certificates before starting the discovery process.
This ensures certificates are already available from the EST server, since
the FQDN may be provided via DHCP discovery or another discovery method,
and requires valid certificates to proceed.
Fixes: WIFI-15123
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
Commit 2e4972e9ad ("ipq53xx: Add KERNEL_IPQ_MEM_PROFILE for IPQ53XX")
introduced KERNEL_IPQ_MEM_PROFILE but didn't set it for all IPQ53xx
boards, causing them to boot with incorrect RAM size settings.
This adds CONFIG_KERNEL_IPQ_MEM_PROFILE=0 to the affected board profiles:
- cig_wf189, cig_wf189h, cig_wf189w, cig_wf672
- edgecore_eap105
- sonicfi_rap7110c-341x
Signed-off-by: John Crispin <john@phrozen.org>
Reverse byte order in non-OUI part of MAC address to prevent overlap
when MBSSID is enabled. Swaps bytes 3 and 5 and masks lower nibble
of byte 5 before applying index XOR.
Signed-off-by: John Crispin <john@phrozen.org>
Ensure that LEDs are configured to be ON before attempting to change their state.
Previously, if the LED was configured to be OFF, it would still enter a double-blink
state when the cloud connection was lost, and then switch to solid ON upon
reconnection—ignoring the configured OFF state.
This update changes that behavior:
- If LEDs are configured OFF, they will remain OFF even during cloud
disconnection (no double-blink).
- After temporary state changes (e.g., during factory reset), the LED will
return to its configured state (either OFF or ON).
Signed-off-by: Paul White <paul@shasta.cloud>
The MIB loop cnt variable was defined as a static variable in the function that
implements the loop, however this function can be called for more than one switch
on some platforms. This results in a race condition that leads to memory
corruption and kernel crashes.
The fix moves the loop cnt variable to the passed in switch handle, this way
there is one per switch chip. This fix was identified by looking at newer
versions of the qca-ssdk software package from QCA.
Signed-off-by: Paul White <paul@shasta.cloud>
A scenario was seen where UCI config was not flushed to disk before
an AP power-cycle after uci-defaults was completed. Since these
scripts are deleted after being run once, there is no way to recover
without a factory reset.
Adding this sync operation proved to help avoid this situation from
happening.
Signed-off-by: Paul White <paul@shasta.cloud>
Adds support for recording the method used to discover the cloud
controller (e.g. DHCP, FLASH, OpenLAN).
The selected method records the current date and time along
with the discovery method into "/etc/ucentral/discovery.state.json".
The date is stored in epoch format.
Fixed: WIFI-14966
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
cloud_discovery will not start if the CN does not match the device's serial.
An error will be written to syslog.
---
Wed Aug 6 14:23:23 2025 user.notice root: ERROR
Wed Aug 6 14:23:23 2025 user.notice root: ERROR
Wed Aug 6 14:23:23 2025 user.notice root: ERROR
Wed Aug 6 14:23:23 2025 user.notice root: The certificate used has a CN that does not match the serial of the device
Wed Aug 6 14:23:23 2025 user.notice root: ERROR
Wed Aug 6 14:23:23 2025 user.notice root: ERROR
Wed Aug 6 14:23:23 2025 user.notice root: ERROR
---
Signed-off-by: John Crispin <john@phrozen.org>
The daemon will check the validity of the operational certificate once an hour.
If the certificate is valid for less than three days, a reenrollment is attempted.
Once the reenroll happened the connection to the cloud controller will be restarted.
Fixes: WIFI-14900
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
The updated flow:
- Mount /dev/mtdblock* (the certificates partition) to /mnt
- Copy its contents to /certificates
- Unmount /mnt
- Extract the PKI 2.0 certificates into /certificates
Fixes: WIFI-14904
Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>
To fix EMI and avoid Ethernet RX stuck after reboot for Zyxel NWA130BE.
Ethernet Rx stuck sometimes happened when we do stress reboot,
need to adjust the amplitude level of SGMII for CPU and QCA8385 side.
And those settings come from the result that Zyxel HW team and Manufacturer
co-work to fine tune for NWA130BE.
Signed-off-by: YenLin Pan <YenLin.Pan@zyxel.com.tw>
92fb3c1 WIFI-14901: Add rrm_chanutil status to health.uc (when it fails) and save health metric in /tmp/ucentral.health
6313892 WIFI-14906: Add 'sync' after file generation in Cloud discovery process
Signed-off-by: John Crispin <john@phrozen.org>
This patch enhances WPA3 encryption support in netifd by introducing GCMP-256
cipher handling for wireless interfaces operating on the 6 GHz band with HE/EHT
modes.
Fixes: WIFI-14594
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
b971b73 Support HaLow Mesh on EAP112
7d28320 Fix in ucode script of config_raw to add multiple UCI sections via config-raw object of the schema
1453f2e chanUtil per radio shall be obtained from the policy_chanutil.uc script
fa26853 enable multiple bssid by default on 6G
Signed-off-by: John Crispin <john@phrozen.org>
Rate limiting was not applied on WiFi-7 devices because their
hostapd interface names use the phy* prefix instead of wlan*.
This patch extends the match pattern to include both wlan* and phy*.
Fixes: WIFI-14884
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
1. For EAP112 LTE module (Quectel EM60 series), when username and password is configured, it is required to update the context with the QICSGP AT command.
2. Use a handler function to check if the AT command is stuck and retry.
Fixes: WIFI-14545
Signed-off-by: Sebastian Huang <sebastian_huang@accton.com>
Description:
A missing ;; in the 02_network file for the ipq50xx target caused
improper network configuration across all ipq50xx platforms
(e.g., Edgecore EAP104, Cybertan RAP630C-311G).
This resulted in loss of Internet connectivity.
Fix:
Added the missing ;; in the appropriate case block.
Tests Performed:
Verified on Edgecore EAP104. Network configuration was applied
correctly and Internet connectivity was restored.
Fixes: WIFI-14847
Signed-off-by: Venkat Chimata <venkat@nearhop.com>
1. Copy modemmanager to feeds/ucentral.
2. Add function to find the device sysfs path when protocol is "wwan".
3. Call ifup when modem is ready for connection.
4. Add trigger to restart modemmanager when network uci is updated.
Fixes: WIFI-14751
Signed-off-by: Sebastian Huang <sebastian_huang@accton.com>
* Reduce the i2c frequency to enable the encryption chip to be recognized
* Add USB xr Serial driver and init gps uart param
* Factory reset when switching wifi mode
* SFP gpio should be input mode
Fixes: WIFI-14789
Signed-off-by: Justin.Guo <guoxijun@actiontec.com>
1. Change the WiFi temperature threshold.
2. Use single antenna when temperature is too high.
Fixes: WIFI-14788
Signed-off-by: Justin.Guo <guoxijun@actiontec.com>
2819f87 HaLow: fix channel 8/24/40 cannot be set
3b04c09 HaLow: set default channel to avoid HaLow not working when no channel set by JSON
Signed-off-by: John Crispin <john@phrozen.org>
2b8a58b dont crash if udevmand does not reply
985f3cb WIFI-14588: Cloud Package Manager
Fixes: WIFI-14752
Signed-off-by: John Crispin <john@phrozen.org>
Support user to control PSE on/off (chip: tps23861) via ucentral config file.
Use uci-default to write poe's uci default file.
Fixes: WIFI-14724
Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>
125a148 add PoE support for client ports
17b6c18 Cloud Package Manager
a86b8b0 Fix typo in enhanced MPSK property name
57852ed update schema.json to 4.1.0
e155483 command: update upgrade and factory commands to handle new operational certs
Signed-off-by: John Crispin <john@phrozen.org>
If MPSK is enabled on any interface, `ssid.mpsk` should be true.
Prevents overwriting true with a false value when multiple interfaces
share the same SSID.
Also allow handling of the 'reload' event even when MPSK is not enabled,
to ensure config reloads are not skipped, e.g. when configuration is empty.
Fixes: WIFI-14484
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
After roaming to EAP105, the roaming frames were exchanged successfully,
but the STA sent a deauthentication frame to the AP with an "INVALID IE" error.
The RSNXE subfield in the FTIE was set in the Reassociation Response frame.
The STA validated the Reassociation frame and was unable to process the
RSNXE subfield.
Modified SAE options (sae_pwe=4 and sae_require_pmf=0).
Fixes: WIFI-14544
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
A printk() was previously introduced that is passing the log level as the first argument
instead of prefixing the format with the level. Given this code path, this is causing a
kernel fault and CPU reboot without any kernel panic/stack trace, since it's crashing
inside of printk().
CPU:0 ts:206871944795 ffffffc008dcf828 ffffffc008dfe914 cleanup_module [batman_adv] <- cfg80211_vendor_cmd_reply+0x7ff4/0xa064 [cfg80211]
CPU:0 ts:206871944800 ffffffc0108e69d0 ffffffc008dcf80c printk <- cleanup_module+0xb22c/0xa20 [batman_adv]
CPU:0 ts:206871944802 ffffffc0101173c0 ffffffc0108e6a08 vprintk_func <- printk+0x60/0x6c
CPU:0 ts:206871944806 ffffffc010115e44 ffffffc0101160ec vprintk_emit <- vprintk_default+0x4c/0x60
CPU:0 ts:206871944809 ffffffc0101172d0 ffffffc010115e88 __printk_safe_enter <- vprintk_emit+0x84/0x29c
CPU:0 ts:206871944812 ffffffc010115c20 ffffffc010115ec4 vprintk_store <- vprintk_emit+0xc0/0x29c
CPU:0 ts:206871944816 ffffffc0100a53a4 ffffffc010080fb4 do_translation_fault <- do_mem_abort+0x54/0xb0
CPU:0 ts:206871944819 ffffffc0100a4eb4 ffffffc0100a5448 do_page_fault <- do_translation_fault+0xc8/0xe0
CPU:0 ts:206871944821 ffffffc0100a4d08 ffffffc0100a5038 __do_kernel_fault <- do_page_fault+0x1a8/0x4f0
CPU:0 ts:206871944837 ffffffc0100a4c88 ffffffc0100a4df0 die_kernel_fault <- __do_kernel_fault+0x110/0x1b0
After applying the fix, we can see this code path is being hit:
[26799.175166] cfg80211_calculate_bitrate_he: invalid rate->nss: 0
This still doesn't fix the original issue triggering this code path, which is why a nss value
of 0 is being reported.
Fixes: eb9cbaec7 ("ipq807x: Shorten the kernel backtrace warning msg for ieee80211_bss_get_elem")
Fixes: WIFI-14677
Signed-off-by: Paul White <paul@shasta.cloud>
Fix the case where firmware crashes when STA sends AUTH with same
MAC address to multiple SSIDs on the same radio.
Fixes: WIFI-13276
Signed-off-by: Arif Alam <arif.alam@netexperience.com>
When using psk2-radius in combination with enhanced MPSK,
the passphrase was not properly propagated to user scripts
via the ucode interface, because the PSK field was not set
in the connected station context.
This patch fixes that by copying the passphrase into the
psk field.
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
For the Edgecore EAP-105 platform, configure the 2.4GHz, 5GHz,
and 6GHz WLAN interfaces to use MAC addresses derived
from the base WAN MAC address.
Fixes: WIFI-14624
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
* While Roaming the AP couldn't find the wildcard R0KH and R1KH ids,
which are required by Fast Transition.
* Issue caused by the placement of conf parser in the invalid location.
Fixes: WIFI-14544
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
9710867 (HEAD -> main, origin/main, origin/HEAD) make the MTU configurable on GRE tunnels
4dd0904 SSH IdleTimeout can be configured from JSON config
6faaa1f HaLow: Extend ucentral schema & state for HaLow
Signed-off-by: John Crispin <john@phrozen.org>
6faaa1f HaLow: Extend ucentral schema & state for HaLow
aa9cac5 dhcp_inject: Use same keyword "dhcp-inject" in config file
Signed-off-by: John Crispin <john@phrozen.org>
1. porting MorseMicro HaLow driver to support HaLow on EAP112
2. Only support FCC regulation because of hardware limitation
3. Add /etc/init.d/halow-gpio-reset to initialize HaLow chip in early stage
4. Add /etc/uci-defaults/aaa-fix-phy0-to-morse to correct the default uci for HaLow radio.
Signed-off-by: Ian Chen <ian77_chen@accton.com>
* add "limit_rtlphy_10g_ablity" in DTS, no side effect on other product.
* disable 10G capability if DTS defined limit_rtlphy_10g_ablity, no side effect on other product.
* revert the last 0006-qca-ssdk-Fix-10G-rtl-phy-driver-for-c45-mdio-read-wr.patch and based on 0005 patch.
Fixes: WIFI-14567
Signed-off-by: Ken Shi <xshi@actiontec.com>
Added check when parsing ssid info retrieved from iwinfo.
Program will exit if expected interface count and iwinfo entry count mismatch.
Fixes: WIFI-14564
Signed-off-by: alex18_huang <alex18_huang@accton.com>
The main reason was adding missed functionality for Radius
configuration which caused rejecting WiFi clients on
authentication level.
Still some changes not included:
* AFC,
* hs20_release,
* multiple_bssid,
* he_co_locate
Fixes: WIFI-14459
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
- avoid calculated Channel Utilization value to be 'infinity' from cycle_count_delta being '0'
Fixes: WIFI-14536
Signed-off-by: Tanya Singh <tanya_singh@accton.com>
Program sometimes did not set up tc qdisc on some interfaces when creating SSID with dhcpinject enabled initially.
Added delayed startup.
Fixes: WIFI-14522
Signed-off-by: alex18_huang <alex18_huang@accton.com>
The bug was in the upstream hostapd codebase, backport/rebase the fix
--> ba150059d1ec964add8f29eb2c92dd6dfde97308
Fixes: WIFI-14508
Signed-off-by: John Crispin <john@phrozen.org>
246873b add max-inactivity to ssid config
3b5a5c4 Allow option 82 DHCP fields to be transparently injected into client DHCP requests
Signed-off-by: John Crispin <john@phrozen.org>
During roaming validation, an issue was detected with
the ASSOC-REJECT event, which had a status code of 55.
To resolve this, the SNonce from the Auth Request Frame
was copied, and the random ANonce is now used
only when expired.
Fixes: WIFI-14326
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
Fix removing rhash when station is roaming between radios and
apply logic from opensource driver during adding/removing
peer.
Fixes: 7374c39d ("ath11k: fix STA roaming between radios")
Fixes: WIFI-14457
Signed-off-by: Arif Alam <arif.alam@netexperience.com>
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
1. Integrated WiFi boarddata
2. Integrated LEDs
3. sysupgrade changes are integrated
4. Network ports are enumerated
5. A new profile is added under profiles
Signed-off-by: Venkat Chimata <venkata@shasta.cloud>
c2338ad snmp: fix schema/yaml syntax
50c4ead set schema version to 4.0.0
d8260f8 add property that allows disabling MPSK
Signed-off-by: John Crispin <john@phrozen.org>
1c11c1b WIFI-14284: Use swconfig to get the correct port to VLAN ID mapping for statistics
Fixes: WIFI-14284
Signed-off-by: John Crispin <john@phrozen.org>
d2ff805 Change realtime events type from enum to string
a518b02 schema, ssid: add mpsk-radius encryption
Signed-off-by: John Crispin <john@phrozen.org>
Add casting center frequency to int, previously a string
was used.
{
"dev": "wlan1",
"wiphy_freq": "5180",
"measurement_duration": "70",
"center_freq1": "518030",
"scan_ssids": [
""
],
"scan_flags": 4
}
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
Update scan module to support WiFi 7 devices
which have virtual phys defined. Scanning on
the different virtual phys but on the same physical
phy isn't allowed.
Add NL CBs to notify about scanning progress.
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
Need to unblock chandef as scanning definitions which
is used by TIP modules for scanning trigger.
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
Invalid logical operator was used for checking null
pointers in channel_switch function: AND instead of OR
Fixes: 7477963b ("ucentral-event: add channel switch handler")
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
Broadcast / Multicast transmission is not working in DVLAN mode in the driver.
If we send the frames as unicast frames, it works. This is a workaround for now.
Need to rollback once we add a clean fix.
Fixes: WIFI-14441
Signed-off-by: Venkat Chimata <venkata@shasta.cloud>
Add channel switch handler to update hapd object
with new frequency and channel info.
Fixes: WIFI-14336
Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
"bandwidth_up", and "bandwidth_down" had typos. The correct attributes are
"bandwidth-up", and "bandwidth-down"
Signed-off-by: Firas Shaari <firas.shaari@shaariconsultancy.com>
Specifications:
SoC: MediaTek MT7981BA
RF Chipset: MT7976DA @2.4GHz 2T2R
MT7976DA @5GHz 2T2R
RAM: 512MB DDR4 RAM
Flash: SPI-NAND 256 MiB
Ethernet: 2 x 1GbE PHY
Reset Button
Power Source: DC IN 12v, Standard PoE 802.3af/at
LED Indicator: 1 x single color LED (GPIO Control)
Fixes: WIFI-14312
Signed-off-by: steven.lin <steven.lin@senao.com>
f0dfb40 Include DHCP VSI information in state message
44da3d6 Add config for vendor-class and request-options
a21635b always request option 43 and 224 when doing DHCP
Signed-off-by: John Crispin <john@phrozen.org>
Specifications:
SoC: MediaTek MT7986A
RF Chipset: MT7976G @2.4GHz 4T4R
MT7976A @5GHz 4T4R
RAM: 1GB DDR4 RAM (2x 512MB)
Flash: SPI-NAND 256 MiB
Ethernet: 1x 2.5GbE PHY
Reset Button
Power Source: DC IN 12v, Standard PoE 802.3af/at
LED Indicator: 4 x single color LED (GPIO Control)
Fixes: WIFI-13983
Signed-off-by: Steven Lin <steven.lin@senao.com>
baeef76 Revert "ucentral-schema: add support for configuring snmpd service using ucentral."
684a1aa firewall: upon up NAT'ed port 53 for ipv6
83a30b4 enable reconf for mpsk interfaces
Signed-off-by: John Crispin <john@phrozen.org>
42e59d5 Add system-password to the schema
8b3701b ucentral-schema: add support for configuring snmpd service using ucentral.
Signed-off-by: John Crispin <john@phrozen.org>