The mdio driver has found a simple way to handle phy addresses
for all devices with upstream kernel defaults. Remove all unneeded
hacks from the corresponding patch and reword it.
While we are here increase DSA_MAX_PORTS to 56 to match RTL931x.
- mdio bus 0 serves ports 0..23
- mdio bus 1 serves ports 24..51
This is baked into hardware and cannot be changed during mdio driver
setup with any register write. With the recent changes the driver
handles ports, phys and busses in a more logical way. So a port X
is assigned to a bus Y and a phy Z (on that bus). This gives a
mapping like
- port 16 <=> bus 0, address 16
- port 32 <=> bus 1, address 8
This unique assignment is used in the mdio driver as follows:
- Request to read bus 1, address 8
- Lookup corresponding port = 32
- Read from port 32
Looking at RTL839x it becomes clear that bus/phy => port lookup can
be achieved in multiple different ways. The simple reason is, that
for this device the driver cannot setup the smi topology. It is
baked into the hardware. So adding a "virtual" second bus does not
change the hardware access but allows to keep phy addresses below 32.
Making an example
mdio_bus0 {
PHY_C22(40, 40)
}
resolves to port 40. But the same can be achieved with
mdio_bus1 {
PHY_C22(40, 16)
}
In the first case the kernel sees bus/phy = 0/40 and in the second
case it sees bus/phy = 1/16. Both result in the access to the same
phy device on hardware port 40.
Use this analogy for RTL839x devices to match the real hardware
topology. For this change the existing dts and
- activate mdio bus 1 in rtl839x.dtsi
- rearrange devices with ports 24..51 to make use of bus 1
The lm75 alert polarity active-high patch has been accepted upstream.
Replace the downstream version. Additionally add an upstream bugfix
that was identified during the implementation.
Edward Chow [Mon, 27 Apr 2026 03:13:51 +0000 (11:13 +0800)]
mpc85xx: unify wrapper address of simple image devices
The wrapper address of simple image devices should have been changed
at commit 6a8b831 , but only TL-WDR4900 and BR200-WP are changed at
that time, and now the wrapper address changes are split among patches
for specific devices. More importantly, commit 6a8b831 forgot to
change Enterasys WS-AP3715i, causing
https://github.com/openwrt/openwrt/issues/23112 .
This commit will gather the change of wrapper address of simple image
devices into a dedicated patch file.
Tested: Both WS-AP3715i and TL-WDR4900 v1 boot well.
Fixes: https://github.com/openwrt/openwrt/issues/23112 Signed-off-by: Edward Chow <equu@openmail.cc> Link: https://github.com/openwrt/openwrt/pull/23121 Signed-off-by: Robert Marko <robimarko@gmail.com>
Edward Chow [Wed, 29 Apr 2026 21:52:10 +0000 (05:52 +0800)]
mpc85xx: ws-ap3715i: use libdeflate-gzip for kernel
The simpleImage contains a payload already compressed with lzma-based
xz (by default), so further compressing it with lzma will often make
the result larger. On the contrary, compressing these simpleImages
with gzip can make the result smaller, so replace lzma with
libdeflate-gzip to compress kernel for ws-ap3715i.
Edward Chow [Tue, 28 Apr 2026 03:29:01 +0000 (11:29 +0800)]
mpc85xx: ws-ap3715i: enable access to u-boot env
find_mtd_part() outputs /dev/mtdblockX, to which fw_setenv cannot
write, "/dev/mtd$(find_mtd_index '<vol name>')" could be used instead.
The envsize should also be changed to 0x1000 to make the CRC checksum
valid and the env block recognized by the uboot-envtools, but the
flash sector size remains 0x10000, otherwise the env block will be
readable but not writable.
The "read-only" mark within device tree is also removed.
Add the basic bits to allow 100base-FX SFP mode on the RTL8214FC.
While this looks good fom ethtool perspective, it does not really
change the phy registers to enforce the mode. The SFP is still
driven in 1000base-X.
While it might seem useless at the moment this at least opens
up a new phy control method. This comes handy with one known bug.
In rare cases a SFP that is plugged in during boot does not get
a link. One option to revive the dead port seems to be
root@OpenWrt:~# ethtool -s lan28 speed 100 duplex full autoneg off
rtl83xx-switch 1b000000.switchcore:ethernet-switch lan28: Link is Up - 100Mbps/Full - flow control off
switch: port 28(lan28) entered blocking state
switch: port 28(lan28) entered forwarding state
rtl83xx_fib_event: FIB_RULE ADD/DEL for IPv6 not supported
rtl83xx_fib_event: FIB_RULE ADD/DEL for IPv6 not supported
Maximum devnum in c45 access is only 31. The bits 21-31 of the MMD
register are reserved and cannot be written. Nevertheless add a
proper mask to help AI review bots.
rtmdio_probe_one() should be only called by rtmdio_probe() after it
has validated the dts input. Nevertheless be defensive and add
another consistency check.
Rename the module to describe that it is for the Realtek Otto
switches. Add owner to make clear who takes care. Adapt the
license to match the SPDX header.
realtek: mdio: avoid access to uninitialized variable
The read functions might fail and thus "val" might be uninitialized.
The debug function will output the undefined state. Set the value
to zero to be consistent.
realtek: mdio: add define for RTL839x C22 reads/writes
The RTL839x allows to add an extended page operator during phy
access. This is not needed for the standard linux kernel C22
access. Give the hardcoded 0x1ff value a meaningful define.
Although it is not needed, add the corresponding register define.
This makes clear where the mask belongs to.
realtek: mdio: focus on c22/c45 bits in rtmdio_931x_setup_ctrl()
The rtmdio_931x_setup_ctrl() function currently initializes the c22/c45
and the proprietary format bit of the controller. This works because of
the order these calls are arranged. Narrow down the update to the really
needed bits.
- c22/c45 (bit 1) is updated here
- standard/proprietary (bit 0) is updated in rtmdio_931x_setup_polling()
Adapt the confusing comment "Std. C45, non-standard is 0x3" it basically
explains the other function.
realtek: mdio: refactor RTL930x port ability setup
Provide a separate function to setup the ability (SDS/MDIO) of a RTL930x
port. This simplifies rtmdio_930x_setup_polling(). With this commit the
driver does no longer unconditionally overwrite reserved register bits.
Add a return value for the new function to indicate failure/success. As
of now this will be silently ignored in the caller. A future commit will
take care about that.
realtek: mdio: refactor RTL931x port ability setup
Provide a separate function to setup the ability (SDS/MDIO) of a RTL931x
port. This simplifies rtmdio_931x_setup_polling(). With this commit the
driver does no longer unconditionally overwrite reserved register bits.
Add a return value for the new function to indicate failure/success. As
of now this will be silently ignored in the caller. A future commit will
take care about that.
realtek: mdio: add missing brackets to RTMDIO_PHY_POLL_MMD
With its current usage type RTMDIO_PHY_POLL_MMD() definition is ok.
But for the sake of consistency add brackets around the macro
parameters and use masks to avoid calculation inconsistencies.
The mdio hardware is fully understood. Describe the number of real
busses in the configuration structure and check against this limit
when working on busses.
Try to describe the hardware capabilities with consistent defines
and configuration variables. As raw_page is always num_pages - 1
better use num_pages naming where needed and provide a macro that
converts this naming.
While we are here:
- Sort the configuration variables alphabetically
- Provide num_pages defines per architecture
- adapt RTMDIO_839X_C22_DATA() macro to use the new define
Magnus Kroken [Thu, 23 Apr 2026 18:12:51 +0000 (20:12 +0200)]
mbedtls: backport upstream patches to fix TLS 1.2 client issues
Fix a TLS 1.2 regression that caused clients to reject valid
ServerKeyExchange signatures using RSA-PSS signature algorithms.
The TLS 1.2 regression resulted in errors like:
$ curl https://api.domeneshop.no/v0/
curl: (35) ssl_handshake returned: (-0x6600) SSL - A field in a message was incorrect or inconsistent with other fields
Fixes: https://github.com/openwrt/openwrt/issues/22874 Fixes: https://github.com/openwrt/openwrt/issues/23116 Fixes: f48ef0040b7e ("mbedtls: update to 3.6.6") Signed-off-by: Magnus Kroken <mkroken@gmail.com> Link: https://github.com/openwrt/openwrt/pull/23066 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Felix Fietkau [Mon, 4 May 2026 12:02:41 +0000 (12:02 +0000)]
hostapd: clear start_disabled when adding a BSS to an enabled iface
In AP+STA mode, wifi-scripts emits start_disabled=1 in the per-BSS
section of the generated hostapd config so that hostapd defers
beaconing on every BSS until apsta_state up clears the flag for the
whole iface (uc_hostapd_iface_start clears start_disabled on every BSS
and calls ieee802_11_set_beacon).
When a new BSS is added later via iface.add_bss while the iface is
already in HAPD_IFACE_ENABLED state, the freshly parsed config still
carries start_disabled=1 for that BSS. hostapd_setup_bss is invoked
with start_beacon=true, but hostapd_start_beacon then skips
ieee802_11_set_beacon because conf->start_disabled is set. The kernel
netdev is created without ever starting beacons, the carrier never
comes up, and probe-response transmission attempts fail with
"handle_probe_req: send failed".
Mirror what iface.start does: when the iface is already enabled, the
apsta channel selection has happened, so clear start_disabled for the
incoming BSS before starting it.
Felix Fietkau [Mon, 4 May 2026 07:58:40 +0000 (07:58 +0000)]
hostapd: emit ubus key-mismatch event for SAE confirm failures
Surface SAE confirm mismatches (wrong password) through the same
key-mismatch ubus notification that is already used for PSK failures, so
consumers can react uniformly regardless of the authentication method.
Felix Fietkau [Mon, 4 May 2026 07:49:37 +0000 (07:49 +0000)]
hostapd: avoid spurious interface reload on empty MLD config
mld_set_config() treated any call with empty prev_mld as a fresh
configuration and triggered a full Reload all interfaces, even when the
new config was also empty (the typical path on non-MLD devices).
Reloading every BSS on each netifd reconf disrupted associated stations
including PMF-protected backhaul STAs, which would self-deauth after the
SA Query timeout.
Only treat the call as a new configuration when the new config is
actually non-empty.
Manuel Stocker [Wed, 29 Apr 2026 19:25:21 +0000 (21:25 +0200)]
realtek: support configurable LED interface mode on RTL930x
Add support for changing the LED mode via the device tree.
Currently it always defaults to SERIAL mode. With this change,
one can also use the SINGLE_COLOR_SCAN and BI_COLOR_SCAN modes.
Shiji Yang [Sat, 2 May 2026 06:36:05 +0000 (14:36 +0800)]
toolchain: gcc: drop 110-Fix-MIPS-PR-84790.patch
The issue reported on the patch has been fixed in GCC 13.4.0[1],
14.2.0[2] and 15.1.0[3]. And we have already removed the GCC 14
patch variant in commit a1b9c28edd72 ("toolchain: gcc: drop 110-Fix-MIPS-PR-84790.patch").
1. Boot WRC-X6000GSD in router mode normally
2. Access to the WebUI ("http://192.168.2.1/") on the device
-> その他設定 (Other settings)
-> フォームウェア更新 (Update firmware)
-> ローカルファイル指定 (Specify local file)
3. Select the OpenWrt factory.bin image and click apply ("適用") button
4. Wait ~120 seconds to complete flashing
Switching to the stock firmware:
1. Load the elecom.sh script
. /lib/upgrade/elecom.sh
2. Check the current index of firmware partition
mstc_rw_bootnum
3. Set the bootnum to opposite value between 1 and 2
mstc_rw_bootnum value
example:
- step2 returned "1": mstc_rw_bootnum 2
- step2 returned "2": mstc_rw_bootnum 1
4. Reboot, to stock FW
5. Flash the stock FW to fuly revert back to original.
Notes:
- With the stock firmware, it will flash to another partition and
toggle boot to that partition when any firmware is flashed.
For example when booting on ubi, the new firmware will be flashed
to ubi_2 and the router will boot from ubi_2 afterwards.
The 5th byte of the Persist partition is the boot value (0x01 or 0x02).
- bootmenu_delay=0 is set from factory so uboot menu is hidden by
default.
- The hardware of WRC-X6000GSD is almost identical to WRC-X6000QS, but
WAN (labeled as "INTERNET") port is limited to 1000 Mbps on stock FW.
On OpenWrt FW, 2500 Mbps connection is available on that port.
MAC Addresses:
LAN : 38:97:A4:xx:xx:58 (Factory, 0x2A(hex)/Ubootenv, "ethaddr"(text))
WAN : 38:97:A4:xx:xx:5B (Factory, 0x24(hex))
2.4GHz: 38:97:A4:xx:xx:59 (Factory, 0x4(hex))
5GHz : 38:97:A4:xx:xx:5A (Factory, 0xA(hex)
1. Boot WRC-X6000QS in router mode normally
2. Access to the WebUI ("http://192.168.2.1/") on the device
-> その他設定 (Other settings)
-> フォームウェア更新 (Update firmware)
-> ローカルファイル指定 (Specify local file)
3. Select the OpenWrt factory.bin image and click apply ("適用") button
4. Wait ~120 seconds to complete flashing
Switching to the stock firmware:
1. Load the elecom.sh script
. /lib/upgrade/elecom.sh
2. Check the current index of firmware partition
mstc_rw_bootnum
3. Set the bootnum to opposite value between 1 and 2
mstc_rw_bootnum value
example:
- step2 returned "1": mstc_rw_bootnum 2
- step2 returned "2": mstc_rw_bootnum 1
4. Reboot, to stock FW
5. Flash the stock FW to fuly revert back to original.
Note 1: With the stock firmware, it will flash to another partition and
toggle boot to that partition when any firmware is flashed.
For example when booting on ubi, the new firmware will be flashed
to ubi_2 and the router will boot from ubi_2 afterwards.
The 5th byte of the Persist partition is the boot value (0x01 or 0x02).
During my tests, it never switched to another boot partition if the
firmware failed boot. So if openwrt doesn't boot,
UART might be required to recover.
Note 2: bootmenu_delay=0 is set from factory so uboot menu is hidden.
iw: backport scan print of RSN Element Override IEs
Backport upstream iw commit d90618809e06 ("iw: scan: print RSN
Element Override IEs") as 001-*.patch so `iw scan` decodes the
RSNOE (vendor WFA type 41) and RSNO2E (type 42) elements that
hostapd emits for WPA3 Compatibility / RSN Overriding APs.
Also refresh the hunk offsets in 200-reduce_size.patch.
Two of the IW_FULL guards in 200-reduce_size.patch were inverted
or incomplete:
* the "unknown event" handler unconditionally replaced the
verbose print with the short form, so IW_FULL builds lost
the command name decoding;
* the early return before the vendor IE parser used
#ifdef IW_FULL, which suppressed parsing in the full build
instead of the size-reduced one.
Wrap both with the correct #ifndef IW_FULL / #else so the full
and reduced builds produce the intended output.
wifi-scripts: ucode: default sae_groups to NIST ECP 19/20/21
The WPA3 and Wi-Fi Enhanced Open Deployment Guide v1.1 (Table 4,
"SAE Groups") recommends that WPA3-Personal APs advertise support
for SAE groups 19, 20 and 21:
* group 19 - ECP 256-bit (NIST P-256)
* group 20 - ECP 384-bit (NIST P-384)
* group 21 - ECP 521-bit (NIST P-521)
hostapd's default is group 19 only, which leaves the two larger
ECP groups unavailable even though the peer may prefer them.
Set sae_groups = "19 20 21" as the default for any BSS whose
auth_type is sae or psk-sae (SAE, SAE Transition and SAE
Compatibility modes).
wifi-scripts: ucode: default BIP cipher from wpa_pairwise
The WPA3 and Wi-Fi Enhanced Open Deployment and Implementation Guide
v1.1 (Tables 4, 5, 6) requires the group-management cipher (BIP) to
match the mode and strength of the pairwise cipher: GCM-mode pairwise
ciphers pair with BIP-GMAC integrity, CCM-mode pairwise ciphers with
BIP-CMAC integrity. The ucode pipeline hard-coded group_mgmt_cipher
to AES-128-CMAC (BIP-CMAC-128) regardless of the pairwise cipher,
except for the eap192 special case that already forced BIP-GMAC-256.
An EHT WPA3-Personal BSS therefore emitted wpa_pairwise=GCMP-256
alongside group_mgmt_cipher=AES-128-CMAC -- the integrity cipher two
steps weaker than the data cipher and a spec violation on EHT.
hostapd has a single group_mgmt_cipher knob, so the selected BIP has
to be compatible with every pairwise cipher in wpa_pairwise. Picking
from the first token would mis-select on mixed lists -- e.g.
wpa_pairwise=\"GCMP-256 CCMP\" would yield BIP-GMAC-256, which a
CCMP-only STA cannot negotiate.
Walk the wpa_pairwise tokens and pick the BIP that matches the
weakest cipher present:
Token matching uses fnmatch wildcards against a copy of wpa_pairwise
that is padded with leading and trailing spaces, so each token is
space-bounded regardless of its position in the list.
The RSN override pairwise lists are not consulted: in the only
caller that sets them (WPA3-Personal Compatibility Mode), Tables 6
and 7 require BIP-CMAC-128 across RSNE/RSNOE/RSNO2E even when the
override lists advertise GCMP-256, so wpa_pairwise=CCMP already
yields the correct BIP.
An explicit ieee80211w_mgmt_cipher UCI value still wins over the
derived default.
wifi-scripts: ucode: advertise Transition Disable on WPA3-only BSSes
WPA3 Specification v3.5 §13 defines the Transition Disable element sent
inside message 3 of the 4-way handshake. An AP that is no longer
offering a transition mode for its SSID sets the matching bit so that
compliant STAs permanently stop falling back to WPA-PSK / WPA-EAP /
open for that SSID, hardening against downgrade attacks and against
operator mistakes where a transition-mode BSS is briefly brought up on
an SSID that previously ran WPA3-only.
Expose this as a UCI list 'transition_disable' with three classes of
entries:
* The existing OpenWrt encryption tokens 'sae' (bit 0x01), 'sae-pk'
(0x02), 'wpa3' (0x04) and 'owe' (0x08) OR into the bitmap. SAE-PK
itself is not yet wired through wifi-scripts; the token only lets
an operator who configured SAE-PK out of band also hand the
matching bit to hostapd.
* 'on' derives the bitmap from the AP's auth_type ('sae' -> 0x01,
'eap2'/'eap192' -> 0x04, pure 'owe' -> 0x08) and overrides any
other explicit tokens in the same list. Transition BSSes
(psk-sae, eap-eap2, owe with owe_transition set) produce no
bits even under 'on' because they are by definition still in
transition.
* 'off' unconditionally suppresses the element regardless of any
other entries. Operators who need to revert a WPA3-only SSID back
to a transition mode can set this proactively, giving compliant
STAs time to forget the permanent bit before the mode change.
Leave the list unset by default. Advertising Transition Disable is a
one-way door -- once a compliant STA has seen the permanent bit for an
SSID it will refuse to associate to a transition-mode BSS of the same
name ever again -- so it must be opted in to per SSID, never flipped
on by a firmware bump. This also matches the WPA3 and Wi-Fi Enhanced
Open Deployment and Implementation Guide v1.1 Table 4 requirement that
Transition Disable be MAND disabled by default on APs.
wifi-scripts: ucode: default sae_pwe to H2E-only on 6 GHz
The WPA3 and Wi-Fi Enhanced Open Deployment and Implementation Guide
v1.1 (Tables 7 and 8) mandates "H2E Only" for SAE on 6 GHz, in both
WPA3-Personal Only and WPA3-Personal Compatibility Mode: the 6 GHz
band disallows the legacy Hunting-and-Pecking password element, so
the AP must advertise BSS Membership Selector 123 to force STAs onto
H2E.
The WPA3 and Wi-Fi Enhanced Open Deployment and Implementation Guide
v1.1 §2.4 (Tables 6 and 7) defines WPA3-Personal Compatibility Mode:
the AP advertises a legacy-looking RSNE (WPA-PSK, CCMP-128, PMF
Disabled) while RSN Override Elements layered on top expose SAE and,
on EHT, SAE-EXT-KEY. WPA2-only STAs and STAs that ignore RSN
Overriding associate unchanged; modern STAs pick up the stronger WPA3
AKM via RSNOE or RSNO2E.
Only the pairwise cipher differs between elements: RSNE and RSNOE
advertise CCMP-128, RSNO2E advertises GCMP-256 (EHT only). Group
data (CCMP-128) and group management cipher (BIP-CMAC-128) are the
same in all three per Tables 6/7, so hostapd's BSS-wide group_cipher
and group_mgmt_cipher singletons produce the spec-correct values.
Unlike WPA3-Personal Transition Mode (sae-mixed), which puts PSK and
SAE together in the main RSNE with PMF Capable, Compatibility Mode
keeps the main RSNE strictly WPA2-shaped so clients that choke on a
mixed AKM list or PMF=Capable still see a pure WPA2 BSS. The trade-
off is that clients without RSN Overriding support never pick up SAE.
wifi-scripts: ucode: enable Beacon Protection by default with PMF
The WPA3 and Wi-Fi Enhanced Open Deployment and Implementation Guide
v1.1, Table 4 (Common security configuration) marks Beacon Protection
as MAND for EHT-enabled APs and RECOM otherwise for all WPA3 and
Wi-Fi Enhanced Open modes.
The ucode path blindly passed beacon_prot through from UCI in iface
setup, which ran before encryption and MFP had been configured, and
left hostapd at its insecure default of 0 when the user did not
explicitly opt in.
Default beacon_prot to 1 in iface_mfp after MFP has been confirmed to
be enabled, and emit it there instead of in iface_setup so the option
is only written when PMF support is actually negotiated. Users can
still disable it explicitly via UCI.
WPA3 Specification v3.5 §2.5.4 mandates that an AP's BSS Configuration
enables AKM suite selector 00-0F-AC:24 (SAE-EXT-KEY, SAE with a
group-dependent hash) whenever EHT or MLO is enabled. The WPA3 and
Wi-Fi Enhanced Open Deployment Guide v1.1 also recommends it on
non-EHT APs (Tables 3, 5, 6, 8).
Add a new sae_ext_key UCI option (enabled by default) that advertises
SAE-EXT-KEY, and FT-SAE-EXT-KEY when 802.11r is enabled, alongside
plain SAE/FT-SAE for the sae and psk-sae encryption modes.
parse_encryption() stashed a preliminary wpa_pairwise value in a
local wpa3_pairwise variable, cleared it per auth_type, then let a
switch default either copy it back or special-case wpa3-192. The
result was three separate places where wpa_pairwise was clobbered
and behavior that was awkward to trace when the explicit cipher
suffix (encryption[1]) and the auth_type disagreed.
Replace the scaffolding with a single block at the end of
parse_encryption() that only assigns wpa_pairwise via ??= when no
earlier branch (explicit cipher suffix, wpa3-192, or sae-compat)
has already set one:
no WPA -> null
60 GHz (hw_mode=ad) -> GCMP
HE or EHT htmode -> GCMP-256 CCMP
everything else -> CCMP
wpa3-192 now sets wpa_pairwise='GCMP-256' directly in its switch
case, so the final default block can stay short. No functional
change for existing encryption values.
wifi-scripts: ucode: drop the generic rsn_override UCI knob
The rsn_override UCI number was scaffolding that let a Transition
Mode BSS (sae-mixed, wpa3-mixed) automatically overlay a WPA3
Compatibility-Mode-like layout: WPA3 AKMs were moved from the main
RSNE into RSNOE/RSNO2E, and with rsn_override=2 the main RSNE even
dropped SAE entirely to placate clients that refuse to associate to
a mixed AKM list.
This layout does not match any mode defined in the WPA3 and Wi-Fi
Enhanced Open Deployment and Implementation Guide v1.1: Transition
Mode (Table 5) advertises the full AKM list in a single RSNE, and
Compatibility Mode (§2.4, Tables 6 and 7) requires a specific
combination of RSNE, RSNOE and RSNO2E contents that the knob cannot
express. In practice it also triggers interop failures: Pixel 10
phones refuse to associate to a Transition-Mode BSS whose SAE-EXT-KEY
AKM has been shoved into RSNO2E by this scaffolding, even though the
same BSS works fine when the full AKM list stays in the main RSNE.
Keep the generated configuration honest by removing the knob; the RSN
override plumbing stays in place for a future caller that sets the
override fields explicitly. SAE-EXT-KEY advertisement will be added
back in a later commit via a dedicated sae_ext_key path that places
the AKM where the Deployment Guide actually requires it.
Drop the rsn_override schema entry and every wifi-scripts path that
read it:
* parse_encryption no longer diverts the WPA3 pairwise cipher
into rsn_override_pairwise.
* wpa_key_mgmt no longer mirrors WPA-EAP into
rsn_override_key_mgmt, moves SAE/SAE-EXT-KEY into the override
for psk-sae, or drops the main RSNE AKM list when
rsn_override > 1.
* generate() no longer back-fills missing rsn_override_* fields
from the main RSNE or duplicates the override element into an
MLO-gated RSNO2E.
The RSN override elements are now emitted only when each of
(rsn_override_key_mgmt, rsn_override_pairwise, rsn_override_mfp) --
and their _2 counterparts -- has been populated explicitly, which
keeps the machinery from firing on transition modes where it was
never spec-compliant.
Fixes: https://github.com/openwrt/openwrt/issues/21486 Fixes: https://github.com/openwrt/openwrt/issues/22200 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Link: https://github.com/openwrt/openwrt/pull/23009 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
wifi-scripts: ucode: do not leak SAE options onto non-SAE BSSes
sae_require_mfp and sae_pwe are SAE-specific knobs but iface_auth_type()
set them on every auth type that requires PMF (sae, owe, eap2, eap192,
dpp) and on both PMF-optional transition modes (psk-sae, eap-eap2).
hostapd silently ignores the stray settings on non-SAE BSSes, but they
clutter the generated configuration and make it harder to tell at a
glance which knobs actually apply.
Split the grouping: keep ieee80211w (and rsn_override_mfp for transition
modes) where it was, and move sae_require_mfp / sae_pwe into a separate
check that only fires for the two auth types that actually run SAE (sae
and psk-sae).
Hauke Mehrtens [Fri, 1 May 2026 16:02:22 +0000 (18:02 +0200)]
github: extend LLM review rules with three new categories
Tightened from real bot reviews:
- Patch regeneration: spell out which make ... refresh command
to recommend for each patch directory class, so the bot stops
suggesting git format-patch for quilt-managed patches.
- Backports / cherry-picks: a backport's diff should match the
upstream commit on main verbatim; flag only deviations and
the missing (cherry picked from commit <sha>) trailer, not
pre-existing style issues.
- New device support: require Hardware specification, Flash
instructions, and MAC address layout sections in the commit
message that introduces a new device. Two reference commits
(986ca4c887f4, a2dcbd79a446) named so the bot can sample the
expected shape.
Drop-in wrapper that calls the reusable LLM review workflows in
openwrt/actions-shared-workflows. Triggers on pull_request_target
(incl. PRs from forks), a nightly cron (03:00 UTC), and manual
workflow_dispatch with a max_prs input override.
A detect-kernels pre-step builds the extra_repos list at workflow
runtime: it reads target/linux/generic/kernel-* in the base branch
to derive gregkh/linux:v<X.Y.Z> tags for each currently-targeted
kernel, then appends u-boot/u-boot:master. The list updates
automatically when kernel versions are bumped; the routine clones
only the entries actually needed for a given diff.
The bundled .github/llm-review-rules.md teaches the bot two
project-specific deprecations to flag even when other in-tree files
still use the legacy form:
- LED label syntax `label = "<color>:<function>";` -->
`color = <LED_COLOR_ID_*>;` + `function = "<func>";`
- `mediatek,mtd-eeprom` for MAC sourcing -->
`nvmem-cells` + `nvmem-cell-names = "mac-address";`
Repository settings need LLM_ROUTINE_ID_PR / LLM_ROUTINE_TOKEN_PR
and the *_NIGHTLY counterparts populated before the workflow can
fire. See openwrt/actions-shared-workflows/docs/llm-review-setup.md
for the full setup procedure.
realtek: mdio: convert to generic regmap_bulk_write()
Each architecture has its own SMI address and SMI data size. Make the
current device specific coding generic by
- adding SMI start address and SMI data size to configuration structure
- moving regmap_bulk_write() over to the generic rtmdio_run_cmd()
- deleting all device specific rtmdio_xxxx_run_cmd() versions
Each target has a specific SMI register where the result of read
commands is stored. As the read logic is always the same convert
the current logic to a generic one. Instead of a target specific
coding move eveything into the configuration structure and let
rtmdio_run_cmd() do the work.
realtek: mdio: move command data into config structure
Until now the device specific I/O helpers are instrumented by individual
call parameters. Move this information over to the configuration structure.
This simplifies the code at the calling locations.
realtek: mdio: use regmap_bulk_write() in RTL931x path
Convert the RTL931x I/O path to the new bulk write pattern. For this
- Enhance the rtmdio_931x_run_cmd() helper to take care of all register
access and error handling.
- Convert the c22/c45/read/write functions so that they only prepare
the I/O data without any register access.
realtek: mdio: use regmap_bulk_write() in RTL930x path
Convert the RTL930x I/O path to the new bulk write pattern. For this
- Enhance the rtmdio_930x_run_cmd() helper to take care of all register
access and error handling.
- Convert the c22/c45/read/write functions so that they only prepare
the I/O data without any register access.
realtek: mdio: use regmap_bulk_write() in RTL839x path
Convert the RTL839x I/O path to the new bulk write pattern. For this
- Enhance the rtmdio_839x_run_cmd() helper to take care of all register
access and error handling.
- Convert the c22/c45/read/write functions so that they only prepare
the I/O data without any register access.
realtek: mdio: use regmap_bulk_write() in RTL838x path
The regmap conversion only replaced the old sw() macros with their
regmap counterparts. Neither access optimization nor error handling
took place. Redesign the mdio access as follows:
- The c22/c45/read/write functions only prepare a data structure
that describes the to-be-executed command.
- rtmdio_xxxx_run_cmd() is enhanced to bulk write the data into the
SoC, issue all the I/O and do proper error handling. Additionally
the signature is changed to allow read & write operations.
The bulk commands introduce some subtle changes.
- Before this patch only the needed registers were written. After
the conversion all phy control registers are set up.
- The register write order changes
This is no issue as the hardware starts operation when issuing the
run_cmd() and only accesses the needed registers per operation.
For now adapt only the RTL838x path. Where needed rename "err" to
"ret" for consistency with kernel conventions.
Power
Mesh (RGB Led, user controllable, default set to OpenWrt Status)
WLAN 2.4G (user controllable)
WAN (user controllable)
LAN3
LAN2
LAN1
WLAN 5G (user controllable)
Installation:
A. Through U-Boot menu:
- Prepare your connecting computer to use static IP
(legacy notation) 192.168.1.10 netmask 255.255.255.0
(CIDR notation) 192.168.1.10/24
- Power down the router and hold in the Reset button.
- While holding in the button power up the router again.
- Hold the button in for 10 seconds and then release.
- Use your browser to go to 192.168.1.1
- If you see a GUI allowing for flashing firmware you are at the right spot.
- Upload the **Factory** image file.
Note: U-Boot GUI it can be used to recover from an incorrect firmware flash.
B. Through OpenWrt Dashboard:
If your router comes with OpenWrt preinstalled (modified by the seller),
you can easily upgrade by going to the dashboard (192.168.1.1)
and then navigate to
System -> Backup/Flash firmware, then flash the firmware
Shiji Yang [Tue, 28 Apr 2026 13:06:36 +0000 (21:06 +0800)]
ramips: mt7621: disable CONFIG_PAGE_POOL_STATS
Commit 15887235c1e3 ("generic: mtk_eth_soc: reduce driver memory usage")
allows building mediatek ethernet driver without CONFIG_PAGE_POOL_STATS.
This can slightly improve throughput on legacy MIPS based MT7621 SoC.
xiao bo [Sun, 26 Apr 2026 20:40:13 +0000 (04:40 +0800)]
wireless-regdb: update to version 2026.03.18
Changes:
update regulatory database based on preceding
Update regulatory rules for India (IN) on 6GHz
Replace M2Crypto with cryptography package
Fix regulatory.bin signing with new
* Update Mozilla certificate authority bundle to version 2.82
The following certificate authorities were added (+):
+ TrustAsia TLS ECC Root CA
+ TrustAsia TLS RSA Root CA
+ SwissSign RSA TLS Root CA 2022 - 1
+ OISTE Server Root ECC G1
+ OISTE Server Root RSA G1
The following certificate authorities were removed (-):
- GlobalSign Root CA
- Entrust.net Premium 2048 Secure Server CA
- Baltimore CyberTrust Root (closes: #1121936)
- Comodo AAA Services root
- XRamp Global CA Root
- Go Daddy Class 2 CA
- Starfield Class 2 CA
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
* Use dh_usrlocal to create /usr/local/share/ca-certificates
(closes: #1127100)
Now that the stp_set() helpers have been refactored the stp_get()
helpers can be simplified. Drop the last array parameter. It is
no longer needed/evaluated by its callers.
realtek: dsa: remove family_id check from xstp_state_set()
The rtldsa_port_xstp_state_set() function offers a generic interface
to its callers to set the bridge state of one port. While it calls
device specific helpers in the background it runs the data mapping
for each architecture with a family_id check on its own. So the
hardware abstraction is done in two places
- rtldsa_port_xstp_state_set() translates one half
- its helper translate the other half
Convert the signature of the device specific helpers so that this
function does not need to know any hardware details. Instead move
the table/offset/bit calculations into the helpers. This way the
code path uses a consistent hardware abstraction.
- rtldsa_port_xstp_state_set() calls the helpers
- helpers do the hardware translation
Hannu Nyman [Sun, 26 Apr 2026 18:16:48 +0000 (21:16 +0300)]
sdk: add support to sign each .apk package by sdk
Add support to signing each package's .apk file into SDK.
This adds into SDK the feature added by f20794a to the normal builds.
Currently SDK does not sign the compiled packages, causing untrusted
package errors at package installation. The reason is the logic of
defaulting to 'n' in BUILDBOT and 'y' elsewhere. As downloadable SDKs
are compiled by the buildbot, the option gets 'n' set as the default.
And the option is not among the few build options exposed in the SDK
menuconfig, so the user can't easily change it.
Enable the feature by default:
* Exclude the SIGN_EACH_PACKAGE option from sdk/convert-config.pl
* Default to 'y' and expose the option in the SDK config menu.
(Avoiding untrusted errors naturally requires the user to copy the
public key into the router, quite similar as with full builds.)
Robert Marko [Wed, 29 Apr 2026 09:35:45 +0000 (11:35 +0200)]
microchipsw: fix LAN8814 QSGMII soft reset
Currently, moving from a port on one LAN8814 PHY package to another results
in a no traffic flowing on that new port.
It was tracked down to upstream change that fixed the issue that QSGMII
was soft reset on .config_init of each of 4 PHY-s in the package resulting
in a temporary traffic loss until QSGMII resynced.
However, it seems that the QSGMII soft reset timing is crucial and doing
the reset during probe only cause the QSGMII link to become partially
unsynced (Like 2 or 3 lanes are not synced).
So, add an upstream pending patch[1] to fix this, patch was modified as we
dont have the inband caps currently.
Ivan Romanov [Mon, 27 Apr 2026 13:43:53 +0000 (18:43 +0500)]
dropbear: require busybox pidof applet
The dropbear init script uses pidof, but BusyBox may be built
without it. Add a Kconfig dependency on BUSYBOX_CONFIG_PIDOF
to ensure the applet is available at runtime.
projects / thirdparty / openwrt.git / log
