Valent Turkovic [Tue, 3 Mar 2026 21:18:52 +0000 (22:18 +0100)]
ipq40xx: re-enable MeshPoint.One target
The MeshPoint.One was disabled during the DSA migration with the
comment "Missing DSA Setup". However, this device inherits its
entire network configuration from 8dev Jalapeno via the
Device/8dev_jalapeno-common template, and shares the same DSA
network setup in 02_network.
The Jalapeno has been working with DSA since the migration. All
MeshPoint.One board support files (DTS, network config, LED config)
are already in place and reference the same QCA8072 switch
configuration as the Jalapeno.
Hardware: Qualcomm IPQ4018, QCA8072 switch, same as 8dev Jalapeno.
Tested: Built firmware from current main branch, boots and network
functions correctly.
Hauke Mehrtens [Wed, 25 Feb 2026 23:02:11 +0000 (00:02 +0100)]
base-files: honoring Dave Täht with the OpenWrt 25.12
Dave Täht sadly passed away on April 1, 2025. With the OpenWrt 25.12
release, we honor his life and his remarkable contributions.
Dave played a key role in reducing bufferbloat and improving network
latency in OpenWrt and across the wider internet. His work made networks
faster, more responsive, and more reliable for millions of users.
This release is dedicated to his memory and lasting impact on the
networking community.
Dave's Wikipedia article: https://en.wikipedia.org/wiki/Dave_T%C3%A4ht
KSZ DSA driver is the only thing in the kernel selecting DCB support
instead of depending on it if required.
So, it will enable DCB support without asking and we do not want the
kernel size increase, as well as current Layerscape ARMv8 build failure.
So, revert this until its fixed upstream or worked around.
realtek: pcs: revive dead ports after RTL8382M start
SerDes attached ports that are connected during switch
boot might not be able to transmit any data after SerDes
setup. Especially ports that passed traffic before (e.g.
for tftp initramfs boot) seem to be affected. Ports that
are connected later do not show this issue.
It turns out that the old SerDes setup never really worked
on RTL8382 and the pcs refactoring (with dynamic SerDes
start and stop) totally changed the order of network bringup
in contrast to Realtek SDK.
Fix this by restaring the switch queue whenever a SerDes
goes up for the first time.
realtek: central unlock for RTL838x write protection
The write protection register (0x1b000058) is opened up in prom init
but closed later in rtl838x_pie_init(). From that moment no more
special register writes are possible.
Only unlock the write protection register once during prom init.
Remove all other references. The error has been active since ages
but was not visible until pcs refactoring. For reference blame the
refactoring commit.
- It clears out bits 4-31 due to a wrong mask
- Setup of bits 0-3 is not generic but depends on the mode of
serdes 0/1
Fix that by relocating the code and adapting the mask. The error
exists for longer but it has survived the pcs refactoring. Thus
blame the corresponding refactoring commit.
Hauke Mehrtens [Thu, 26 Feb 2026 19:49:17 +0000 (20:49 +0100)]
lantiq: dm200: Fix loading PHY firmware
The device has 1 100MBit/s port. By default the PHY firmware is running
in 1GBit/s mode. The driver will try to load the 1GBit/s firmware and
fail if it is not there. Set the GPHY0 also to 100MBit/s mode.
The driver uses all nodes independent of the status attribute.
mt7620: workaround jal imm26 and redundant PAGE_ALIGN
On MT7620-class platforms (CONFIG_NET_RALINK_MT7620) we observe sporadic
wrong-jump-targets, kernel oopses, hanging, corrupted backtraces or even
"half-written" instructions when the compiler emits a direct 'jal imm26'
call.
This is triggered in:
- the small random helpers inside get_random_u32_below(), and
- the blkcg_maybe_throttle_current() call in resume_user_mode_work().
This patch forces those two call sites to use an indirect call via
a volatile function pointer (load into register + jalr) when building
for MT7620, avoiding embedding a 26-bit immediate jump target.
Additionally, on MT7620 builds the exec path in fs/exec.c is modified:
- skip arch_align_stack() + PAGE_ALIGN() in setup_arg_pages()
because the micro-randomization (< PAGE_SIZE) implemented by many
ports (including MT7620) is negated immediately by PAGE_ALIGN().
Skipping the redundant PAGE_ALIGN() reduces exposure to the
problematic code pattern.
These changes are targeted workarounds for MT7620; behavioral logic is unchanged.
Compared to ralink,mtd-eeprom , the nvmewm binding ends up byteswapping
the data on big endian hosts. Meaning on big endian, the nvmwem binding
is equivalent to:
ralink,mtd-eeprom +
ralink,eeprom-wrap
Revert as a result since there's no eeprom-swap here.
Hauke Mehrtens [Wed, 25 Feb 2026 00:26:02 +0000 (01:26 +0100)]
mac80211: activate BRCMFMAC_SDIO on x86
Activate the option BRCMFMAC_SDIO by default on x86 too. x86 already
compiles MMC support into the kernel. This will just compile brcmfmac
with MMC support.
Hauke Mehrtens [Wed, 25 Feb 2026 23:41:11 +0000 (00:41 +0100)]
wifi-scripts: fix handling of 64 character WPA key
The key variable is not defined in the scope when setting wpa_psk. Use
config.key instead.
This fixes configuration the 64 characters wpa_psk directly.
Hauke Mehrtens [Wed, 25 Feb 2026 21:42:56 +0000 (22:42 +0100)]
ramips: mt7621: fix network configuration
The configuration for the dlink,dir-1360-a1 also changed the settings
for the devices defined on top of it. "lan1 lan2 lan3 lan4" "wan" is
the default configuration, no need to add it here.
Daniel Golle [Mon, 9 Feb 2026 11:47:39 +0000 (11:47 +0000)]
procd: update to git HEAD
7e5b324 instance: check length of names when creating cgroups 014f94c procd: jail/cgroups: fix OOB write in cgroups_apply() e08cdc8 hotplug-dispatch: fix filter disallowing setting PATH afa4391 service instance: Improve handling of watchdog config changes 52c64d2 service instance: Fix overwriting of watchdog linked list members 96c827f coldplug: fix missing header include 6b10c71 hotplug-dispatch: fix missing header include 58d7aaa initd/coldplug: create /dev/null before running udevtrigger 64f97ff hotplug-dispatch: redirect output to /dev/null c4e9859 hotplug-dispatch: use stat if d_type is DT_UNKNOWN bafdfff system: fix arguments validation in ubus handler
Chester A. Unal [Mon, 5 Jan 2026 12:54:42 +0000 (14:54 +0200)]
ramips: mt7621: enable kmod-usb3 for Mikrotik RBM33G
Mikrotik RBM33G has got a USB-A port and mPCIe slots with USB 3.0 and USB
2.0 interfaces in use. The MediaTek MT7621 SoC has got an xHCI to provide
these interfaces. Therefore, enable kmod-usb3 to support them.
Fixes: 5684d087418d ("ramips: Add support for Mikrotik RouterBOARD RBM33g") Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit 61c9337d80318a49a5bcee586435b513fbdeacf7)
Daniel Golle [Fri, 20 Feb 2026 14:49:02 +0000 (14:49 +0000)]
Revert "package: kernel: dtc: Add DTO support"
It looks like commit 6d2f3b1b19 ("package: kernel: dtc: Add DTO support")
added this patch file 9 years ago without it ever being applied anywhere.
Back then there wasn't even a 'dtc' package, but we just used 'dtc' from
the Linux kernel sources.
Nowadays there is package/utils/dtc which is used to build dtc to be used
on the target (*not* a host-build!), and it of course already contains
support for device tree overlays since v1.4.3 from 2017...
Sander Vanheule [Sat, 21 Feb 2026 14:00:39 +0000 (15:00 +0100)]
realtek: hog the GS1900-24E external IC reset line
The GPIO line connecting to the reset signals of the GS1900-24E(A1)'s
external ICs (RTL8218B phys and RTL8231 expander) cannot be asserted by
the MDIO subsystem, as the reset is shared between busses.
To prevent users from accidentally asserting the reset line, a GPIO hog
is created to permanently de-assert the signal, reliably keeping the
phys and GPIO expanders on.
Tested-by: Simon Fischer <simi.fischa@gmail.com> Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit ba57225066243b28d2802ea5c47313c97767150e)
Sander Vanheule [Sat, 21 Feb 2026 13:44:23 +0000 (14:44 +0100)]
realtek: rtl838x: drop GS1900 MDIO reset GPIO
The reset line wired to the RTL8231 on the GS1900 series may also
connect to other external ICs on the board. On the GS1900-24E, the
reset line is wired (via buffers) to the board's RTL8231 expanders and
the RTL8218 phys. As these external devices (phys) are on different
busses, the reset line shouldn't be specified on one bus or the other.
Drop the reset specification from the generic GPIO description, so it
can be added back on a per-device basis after confirming the behavior.
Tim Harvey [Fri, 20 Feb 2026 01:01:48 +0000 (17:01 -0800)]
imx: cortexa53: remove KSZ9477 static driver
The KSZ9477 driver was added to the cortexa53 kernel to support the
Gateworks Venice product family which has a board with this switch. Now
that the kmod-dsa-ksz9477 driver is available as a package remove the
static configuration ad add the package.
This resolves an issue caused by having the switch driver static and the
PHY driver as a module such that the PHY driver was not registered early
enough to be used causing some errata to not be worked around.
Hauke Mehrtens [Sun, 22 Feb 2026 22:11:47 +0000 (23:11 +0100)]
wireless-regdb: update to version 2026.02.04
75bedc5 wireless-regdb: Update regulatory info for Australia (AU) for 2025 a6e5195 wireless-regdb: Update broken link in regulatory.bin(5) manpage 9e8c67f wireless-regdb: Update regulatory info for Malaysia (MY) for 2024 61a4637 wireless-regdb: Update regulatory info for Malaysia (MY) for 2025 5cefe55 wireless-regdb: Update regulatory info for Tunisia (TN) on 6GHz for 2025 1a729ae wireless-regdb: Update regulatory info for Canada (CA) for 2025 ea20dfa wireless-regdb: update regulatory database based on preceding changes
Jonas Lochmann [Mon, 16 Feb 2026 00:00:00 +0000 (01:00 +0100)]
iproute2: include upstream patch for musl libc
Due to a missing include, the constant UINT_MAX is undefined. This
fixes issues when building v25.12.0-rc5. Including a newer version of
iproute2 would include the patch, but causes other building issues.
Add support for the TP-Link EAP683-LR, an AX6000 Ceiling Mount WiFi 6
AP.
Hardware:
* SoC: MediaTek MT7896AV
* RAM: 1GiB DDR4 (Samsung K4A8G165WC-BCTD)
* Flash: 128MiB SPI-NAND (ESMT F50L1G41LB)
* Ethernet: 1x 10/100/1000/2500 Mbps PoE-PD (MaxLinear GPY211C)
* WiFi: MT7976AN/MT7976GN 2.4/5GHz 4T4R
* LEDS: 3x blue connected to a single GPIO line
* Buttons: 1x reset
* BLE/Thread/Zigbee: CC2652
Stock firmware uses a random MAC address for ethernet, label MAC for
2.4 and label MAC + for 5GHz.
Installation via bootloader:
* Solder JST??? connector on J255, alternatively solder wires on the
TP13-TP15 pads. Pinout: TP13: TX, TP14: RX, TP15: GND, TP16: VCC.
The pins for J255 are in the same order.
* Interrupt boot process by repeatedly pressing Ctrl+b during boot
* In the boot menu, select U-Boot console
* Ensure the U-Boot environment variable "tp_boot_idx" is not set:
# setenv tp_boot_idx
# saveenv
* Boot the OpenWrt initramfs:
# tftpboot openwrt-mediatek-filogic-tplink_eap683-lr-initramfs-kernel.bin
# bootm
* copy openwrt-mediatek-filogic-tplink_eap683-lr-squashfs-sysupgrade.bin
to /tmp and install it using sysupgrade
Flashing via OEM firmware is currently not supported. The
tplink-safeloader utility does not recognize the OEM firmware:
DEBUG: can not find fwuphdr
Firmware image partitions:
base size name
Segmentation fault (core dumped)
To revert to the OEM firmware, you can set the U-Boot environment
variable "tp_boot_idx" to 1 via bootloader, or using fw_setenv via
OpenWrt. This should result in booting from the ubi1 partition, which
OpenWrt should not touch. Then use the web interface to upgrade
firmware: System > Firmware Update.
The OEM firmware uses 0x800000 for the runtime_backup partition size.
This causes the following warning:
mtd: partition "runtime_backup" extends beyond the end of device "nmbm_spim_nand" -- size truncated to 0x600000
This is due to the NMBM reserved blocks. Use 0x600000 in our DTS.
Thanks to init Lab's user890104, who soldered jumper wires on the TTL
pads for me so I could have serial console. My soldering skills just
aren't good enough to pull that off without risk damaging things.
The NVMEM codepath does not perform automatic byte conversion. It can be
fixed but the upstream version is quite different from the local
mac80211 patch. Revert until mac80211 gets updated and the whole mess
can get squared away.
ramips: remove obsolete SPI flash nodes after kernel fix
Remove incomplete SPI flash definitions from affected device tree files.
These fragments only defined address-cells and size-cells without any
actual flash configuration (partitions, compatible string, etc.).
After applying openwrt/openwrt#20942 ("kernel: of: fix bad cell count error
for SPI flash node"), the kernel properly handles SPI flash nodes without
requiring these incomplete definitions in device-specific DTS files.
This cleanup eliminates unnecessary code that was likely a workaround for
the previous kernel issue.
Yaroslav Isakov [Sat, 14 Feb 2026 18:35:06 +0000 (19:35 +0100)]
hostapd: fix EAP-PWD in experimental hostapd-radius server
Without initializing pwd_group, it's set to 0, which is reserved value.
When EAP-PWD is used in wpa_supplicant/eapol_test, next error is seen:
EAP-PWD: Server EAP-pwd-ID proposal: group=0 random=1 prf=1 prep=0
EAP-pwd: Unsupported or disabled proposal
Chad Monroe [Fri, 6 Feb 2026 17:21:44 +0000 (09:21 -0800)]
hostapd: initialize first BSS radio_mask during driver init
Secondary BSSes inherit the alloc value which bypasses
NL80211_ATTR_VIF_RADIO_MASK in nl80211_create_iface() and causes the
kernel to default new interfaces to all radios.
The ucode bss_create fallback fails to correct this because
the interface is already UP.. the kernel rejects SET_INTERFACE with
-EBUSY.
This update fixes a build error on my system:
./string.h:777:20: error: expected identifier or '(' before '_Generic'
777 | _GL_EXTERN_C void *memchr (const void *__s, int __c, size_t __n)
| ^~~~~~
Edward Chow [Sat, 14 Feb 2026 13:10:05 +0000 (21:10 +0800)]
bcm53xx: fix target name of meraki_mx64-a0
The target name of meraki_mx64-a0 in
target/linux/bcm53xx/image/Makefile used not to be consistent with the
one defined in target/linux/bcm53xx/base-files/lib/upgrade/platform.sh
and generates warning for "Image check failed" during sysupgrade.
This commit would also make the target name for meraki_mx64-a0 to
conform to the openwrt standard.
Hauke Mehrtens [Sun, 15 Feb 2026 02:06:53 +0000 (03:06 +0100)]
ath79: add env-size for Sitecom WLR-7100 / WLR-8100 u-boot-env
The Linux kernel assumes that the u-boot environment covers the full
partition, but it only covers 0x1000 bytes. Linux checks the CRC and
does this over the full partition. This fails like this:
```
u-boot-env-layout 1f000000.spi:flash@0:partitions:partition@30000:nvmem-layout: Invalid calculated CRC32: 0xfcac8c41 (expected: 0x14e6335a)
u-boot-env-layout 1f000000.spi:flash@0:partitions:partition@30000:nvmem-layout: probe with driver u-boot-env-layout failed with error -22
```
Define the u-boot environment with a length of 0x1000 bytes to calculate
the CRC only over this area.
When replicating the u-boot environment with these parameters it
generates the same CRC:
```
mkenvimage -p 0 -b -s 0x1000 -o output.bin input.txt
```
Hauke Mehrtens [Sun, 15 Feb 2026 23:49:15 +0000 (00:49 +0100)]
build: pass CPPFLAGS to cmake build
The TARGET_CPPFLAGS contain the include paths used by OpenWrt. This also
contains the including of the fortify sources headers. If they are not
provided, the applications will not use fortify sources headers when
compiled against musl. Add them to cmake builds too. cmake does not
support a special CPPFLGS option [0], just add them to CFLAGS and
CXXFLAGS like we also do it for meson and normal make.
This should fix fortify sources support for cmake builds.
I found this explanation for the flags:
* CFLAGS: C flags, passed during compile AND link
* CXXFLAGS: C++ flags, passed during compile AND link
* CPPFLAGS: pre-processor flags, passed ONLY during compile
* LDFLAGS: linker flags, passed ONLY during link
Hauke Mehrtens [Sun, 15 Feb 2026 15:45:38 +0000 (16:45 +0100)]
fortify-headers: fix -Werror=format-nonliteral in fortify/stdio.h
Some applications might activate -Werror=format-nonliteral when building
their application. This breaks fortify headers build. Tell GCC to ignore
such warnings for this code.
This fixes the libubox and ucode build:
```
/include/fortify/stdio.h: In function 'snprintf':
/include/fortify/stdio.h:101:9: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
101 | return __orig_snprintf(__s, __n, __f, __builtin_va_arg_pack());
| ^~~~~~
/include/fortify/stdio.h: In function 'sprintf':
/include/fortify/stdio.h:110:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
110 | __r = __orig_snprintf(__s, __b, __f, __builtin_va_arg_pack());
| ^~~
/include/fortify/stdio.h:114:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
114 | __r = __orig_sprintf(__s, __f, __builtin_va_arg_pack());
| ^~~
cc1: all warnings being treated as errors
ninja: build stopped: subcommand failed.
```
Flash instructions:
* For using the default ext4 layout, boot into a live system using
tftpboot in u-boot and flash an OpenWrt SD image onto /dev/mmcblk0.
* For the Turris layout, put the new rootfs into subvolume '@', not
forgetting to add Image, device tree, and boot.scr to /boot.
Misc:
* USB connection is only for power. For UART access use the pin header:
1: GND
2: +1.8V
5: TX
6: RX
* Flashing the image onto Turris Shield won't work. Use Turris MOX image
instead.
Felix Fietkau [Tue, 6 Jan 2026 17:46:46 +0000 (18:46 +0100)]
wifi-scripts: move the "disabled" option to the wifi-iface section
This helps for setups where the wifi interfaces are added dynamically
via procd data by avoiding automatically bringing up interfaces with
the default config. Internally, they are treated pretty much the same
by netifd.
Felix Fietkau [Wed, 4 Feb 2026 10:34:55 +0000 (10:34 +0000)]
wifi-scripts: fix nested config accumulation in wdev_set_data
When storing device-level data, wdev_set_data() spread the entire wdev
object into handler_data. Since handler_config.data is set from the
previous handler_data[wdev.name] before each setup, this created
exponentially growing nesting with each reload, eventually causing
"nesting too deep" JSON parse errors.
Fix by initializing cur to a simple object containing only the device
name instead of the entire wdev object.
John Crispin [Fri, 19 Sep 2025 15:05:30 +0000 (17:05 +0200)]
wifi-scripts: refactor iwinfo.uc to support dynamic data updates
Moved interface discovery and data population into an exported update()
function that can be called on-demand to refresh wireless interface
information. This allows using iwinfo.uc as a library inside daemons.
Felix Fietkau [Fri, 13 Feb 2026 09:09:09 +0000 (09:09 +0000)]
uclient: update to Git HEAD (2026-02-13)
63413daa8760 uclient-http: fix HTTP authentication after deferred header processing 4fa6fae02f74 uclient-fetch: Extract opt_post variable 8df3120639a4 uclient-fetch: Use HEAD for --spider 0392dfc8e8c4 uclient-fetch: Support of --method, --body-data and --body-file 115c92824b6d uclient-fetch: add OPTIONS request type a1531e89f6c2 uclient-fetch: support for WebDAV methods
Fixes: https://github.com/openwrt/uclient/issues/14 Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 88f3c0eeb0cd3335cd117accf09a2c3fd0470f4a)
Felix Fietkau [Sat, 31 Jan 2026 14:03:05 +0000 (14:03 +0000)]
uclient: update to Git HEAD (2026-01-31)
b3ee1209a3d0 uclient-http: reset fd to -1 after close in disconnect 9c2ad269c42b uclient-http: fix seq field check to use correct field 80c9bd29c233 uclient-http: fix hang on HTTP to HTTPS redirect 931bbfeb2c92 ucode: fix memory leak when using ssl context
Fixes: https://github.com/openwrt/uclient/issues/11 Fixes: https://github.com/openwrt/uclient/issues/13 Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9d496dfb984dc645560bb86e5012de29e5efcc6f)
Felix Fietkau [Fri, 13 Feb 2026 09:09:06 +0000 (09:09 +0000)]
libubox: update to Git HEAD (2026-02-13)
d324c0503040 libubox: send warnings to stderr 5a65cb5a79b7 libubox: document positional arguments 8c7b489daa02 libubox: add anonymous strings, ints, et al in arrays 5ec7ff2effb3 uloop: use volatile sig_atomic_t for do_sigchld flag 0efa2cd3b74c usock: check SO_ERROR after poll in usock_inet_timeout() 1a73ded9f738 usock: fix timeout handling in usock_inet_timeout() 1aa36ee774c8 usock: implement RFC 8305 Happy Eyeballs for usock_inet_timeout()
Fixes: https://github.com/openwrt/uclient/issues/8 Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7bc8aa492f5d3a918c7890645ffd992eadf4c234)
John Crispin [Fri, 6 Feb 2026 07:41:49 +0000 (08:41 +0100)]
unetmsg: notify subscribers when remote peer connection drops
When a remote peer's connection drops (device powered off, unetmsgd
crash, network failure), network_rx_cleanup_state silently removed
the remote publish/subscribe handles without notifying local
subscribers. This meant local clients had no way to detect that a
remote peer had disappeared.
Call handle_publish for each channel where a remote publish handle
is removed during connection cleanup, so local subscribers receive
the publisher change notification and can react accordingly.
Felix Fietkau [Sat, 7 Feb 2026 08:02:24 +0000 (08:02 +0000)]
unetmsg: only send publish notifications for remote publisher changes
handle_publish() notifies local subscribers about publisher state
changes. The publish/subscribe handler in network_socket_handle_request()
was calling it for both remote publish and subscribe changes, but
subscriber changes are not relevant to local subscribers.
Guard the handle_publish() calls with a msgtype == "publish" check,
matching the local client paths in unetmsgd-client.uc which already
have this guard.
Felix Fietkau [Fri, 6 Feb 2026 10:12:31 +0000 (10:12 +0000)]
unetmsg: fix reconnect loop when RX authenticates before TX
When both peers connect simultaneously, the RX side can authenticate
before the TX handshake completes. network_check_auth() was sending a
ping on the unauthenticated TX channel, which gets rejected by the
remote's pre-auth handler as "Auth failed", killing the connection and
triggering an endless reconnect cycle.
Check chan.auth before interacting with the TX channel. If TX auth
hasn't completed yet, just schedule a reconnect timer - auth_data_cb
already handles state sync when TX auth completes.
Felix Fietkau [Fri, 6 Feb 2026 09:30:49 +0000 (09:30 +0000)]
unetmsg: close all channels on network removal
network_close() only closed the listening socket without shutting down
established RX/TX connections. This left remote state in
core.remote_publish/core.remote_subscribe for hosts on the removed
network, causing stale entries in channel listings and failed routing
attempts.
Close all RX and TX channels before removing the network, which also
triggers remote state cleanup via network_rx_socket_close().
Felix Fietkau [Fri, 6 Feb 2026 09:30:26 +0000 (09:30 +0000)]
unetmsg: fix inverted condition in network_rx_socket_close()
The cleanup condition checked != instead of ==, inverting the logic.
This caused two problems:
When an authenticated RX connection disconnected, remote state for that
host was never cleaned up since the stored entry matched the one being
closed.
When a stale unauthenticated connection from a peer closed, any existing
authenticated connection from the same peer was incorrectly deleted and
its remote state wiped.
Felix Fietkau [Fri, 6 Feb 2026 09:22:30 +0000 (09:22 +0000)]
unetmsg: fix publish notification timing around remote auth
When a remote peer's publish registrations arrive via RX before the
local TX connection is authenticated, handle_publish fires but the
subscriber can't reach the remote publisher yet since the TX channel
isn't ready.
Suppress publish notifications on the RX side when no authenticated TX
channel exists for the remote host. After TX authentication completes,
re-trigger handle_publish only for topics that the specific peer
publishes and that have local subscribers.
Felix Fietkau [Fri, 6 Feb 2026 09:17:50 +0000 (09:17 +0000)]
unetmsg: fix stale network cleanup in unetd_network_update()
The condition checked !data.networks instead of !data.networks[name],
making it always false since data.networks was already validated earlier
in the function. Networks removed from unetd were never closed.
Felix Fietkau [Sun, 4 Jan 2026 10:07:33 +0000 (10:07 +0000)]
unetmsg: add timeout for outgoing auth requests
Add a 10-second timeout for outgoing auth requests to prevent
connections from getting stuck when the remote peer goes silent
after the hello handshake but before responding to auth.
Rany Hany [Sun, 15 Feb 2026 16:29:17 +0000 (16:29 +0000)]
wifi-scripts: ucode: fix ieee80211w default
This should not be defaulted to anything in the schema.
What seemed like a minor cleanup actually broke this
as the schema defines a default value already. I did
not notice as I had this explictly set in my config.
A backport commit was missing which was backported upstream with
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.12.71&id=4ce768ac429ec1c2d4ba63a408fed454ed12b248
Rany Hany [Sat, 14 Feb 2026 09:12:19 +0000 (11:12 +0200)]
6in4: improve HE tunnel update procedure
- uclient-fetch timeout bumped from 5s to 15s. If we do not do this
we get flagged by HE as the update request is expensive and takes
more than 5s to execute. Currently 5s timeout causes uclient-fetch
to be killed prematurely as can be seen by the following log:
projects / thirdparty / openwrt.git / log
