https://wiki.funkfeuer.at/index.php?title=Knowledgebase/Digging_Into_AirOS8&feed=atom&action=historyKnowledgebase/Digging Into AirOS8 - Versionsgeschichte2024-03-28T23:47:33ZVersionsgeschichte dieser Seite in FunkFeuer WikiMediaWiki 1.36.3https://wiki.funkfeuer.at/index.php?title=Knowledgebase/Digging_Into_AirOS8&diff=3341&oldid=prevXDjackieXD: Add note about radio firmware2021-10-14T16:12:12Z<p>Add note about radio firmware</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="de">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 14. Oktober 2021, 16:12 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l222">Zeile 222:</td>
<td colspan="2" class="diff-lineno">Zeile 222:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>While I don't know yet how to disable AirMAX, the entries in <code>/proc/sys/dev/uph_wifi0</code> and <code>/sys/module/umac</code> look very promising to poke around with.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>While I don't know yet how to disable AirMAX, the entries in <code>/proc/sys/dev/uph_wifi0</code> and <code>/sys/module/umac</code> look very promising to poke around with.</div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">I was looking for the two firmware files for the primary radio (the one which is used for AP with AirMax N backwards compatibility and the AirMax-AC-only one which is used for everything else) and could not find them in the filesystem.</ins></div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">After a bit of searching I found them compiled into the umac kernel module and extracted them. It looks like a modified version of a normal ath10k firmware in the standard format so I'll try to load this file with OpenWRT and the normal ath10k driver later.</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Management/Spectral-View Radio ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Management/Spectral-View Radio ==</div></td></tr>
</table>XDjackieXDhttps://wiki.funkfeuer.at/index.php?title=Knowledgebase/Digging_Into_AirOS8&diff=3340&oldid=prevXDjackieXD: Add link to IsoStation hardware db2021-10-06T10:39:44Z<p>Add link to IsoStation hardware db</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="de">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 6. Oktober 2021, 10:39 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Zeile 1:</td>
<td colspan="2" class="diff-lineno">Zeile 1:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As AirOS AC devices don't have a setting to disable AirMAX, I started to dig into the default firmware in the hopes of finding a way to disable it.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As AirOS AC devices don't have a setting to disable AirMAX, I started to dig into the default firmware in the hopes of finding a way to disable it.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The device examined is a IsoStation AC so all findings are specific for this device, although it probably is very similar for all AirMAX AC devices.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The device examined is a <ins style="font-weight: bold; text-decoration: none;">[[Hardware/IsoStation_AC|Ubiquiti </ins>IsoStation AC<ins style="font-weight: bold; text-decoration: none;">]] </ins>so all findings are specific for this device, although it probably is very similar for all AirMAX AC devices.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As of now I have not found a way to disable it but some things I found are interesting nonetheless so let's get started.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As of now I have not found a way to disable it but some things I found are interesting nonetheless so let's get started.</div></td></tr>
</table>XDjackieXDhttps://wiki.funkfeuer.at/index.php?title=Knowledgebase/Digging_Into_AirOS8&diff=3339&oldid=prevXDjackieXD: finished the sentence2021-10-06T10:35:02Z<p>finished the sentence</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="de">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 6. Oktober 2021, 10:35 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l227">Zeile 227:</td>
<td colspan="2" class="diff-lineno">Zeile 227:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Next to the main radio the device has a dual Band 802.11abgn AR9340 radio.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Next to the main radio the device has a dual Band 802.11abgn AR9340 radio.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>It is used either for the 2.4GHz management radio or the spectral view, which is why the spectral view is disabled while the management radio is enabled.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>It is used either for the 2.4GHz management radio or the spectral view, which is why the spectral view is disabled while the management radio is enabled.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>When started in spectral view mode it is set to the 5GHz band and monitor mode, while it is set to 2.4GHz in normal HostAPd-driven AP mode.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>When started in spectral view mode it is set to the 5GHz band and monitor mode, while it is set to 2.4GHz in normal HostAPd-driven AP mode <ins style="font-weight: bold; text-decoration: none;">for the management radio</ins>.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Knowledgebase]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Knowledgebase]]</div></td></tr>
</table>XDjackieXDhttps://wiki.funkfeuer.at/index.php?title=Knowledgebase/Digging_Into_AirOS8&diff=3338&oldid=prevXDjackieXD: Add to category2021-10-06T10:30:50Z<p>Add to category</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="de">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 6. Oktober 2021, 10:30 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Zeile 1:</td>
<td colspan="2" class="diff-lineno">Zeile 1:</td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">{{Knowledgebase}}</del></div></td><td colspan="2"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As AirOS AC devices don't have a setting to disable AirMAX, I started to dig into the default firmware in the hopes of finding a way to disable it.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As AirOS AC devices don't have a setting to disable AirMAX, I started to dig into the default firmware in the hopes of finding a way to disable it.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The device examined is a IsoStation AC so all findings are specific for this device, although it probably is very similar for all AirMAX AC devices.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The device examined is a IsoStation AC so all findings are specific for this device, although it probably is very similar for all AirMAX AC devices.</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l230">Zeile 230:</td>
<td colspan="2" class="diff-lineno">Zeile 228:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>It is used either for the 2.4GHz management radio or the spectral view, which is why the spectral view is disabled while the management radio is enabled.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>It is used either for the 2.4GHz management radio or the spectral view, which is why the spectral view is disabled while the management radio is enabled.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>When started in spectral view mode it is set to the 5GHz band and monitor mode, while it is set to 2.4GHz in normal HostAPd-driven AP mode.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>When started in spectral view mode it is set to the 5GHz band and monitor mode, while it is set to 2.4GHz in normal HostAPd-driven AP mode.</div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:Knowledgebase]]</ins></div></td></tr>
</table>XDjackieXDhttps://wiki.funkfeuer.at/index.php?title=Knowledgebase/Digging_Into_AirOS8&diff=3337&oldid=prevXDjackieXD: Add to category2021-10-06T10:28:25Z<p>Add to category</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="de">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 6. Oktober 2021, 10:28 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Zeile 1:</td>
<td colspan="2" class="diff-lineno">Zeile 1:</td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">{{Knowledgebase}}</ins></div></td></tr>
<tr><td colspan="2"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As AirOS AC devices don't have a setting to disable AirMAX, I started to dig into the default firmware in the hopes of finding a way to disable it.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As AirOS AC devices don't have a setting to disable AirMAX, I started to dig into the default firmware in the hopes of finding a way to disable it.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The device examined is a IsoStation AC so all findings are specific for this device, although it probably is very similar for all AirMAX AC devices.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The device examined is a IsoStation AC so all findings are specific for this device, although it probably is very similar for all AirMAX AC devices.</div></td></tr>
</table>XDjackieXDhttps://wiki.funkfeuer.at/index.php?title=Knowledgebase/Digging_Into_AirOS8&diff=3336&oldid=prevXDjackieXD: Document findings in AirOS so far2021-10-06T10:26:34Z<p>Document findings in AirOS so far</p>
<p><b>Neue Seite</b></p><div>As AirOS AC devices don't have a setting to disable AirMAX, I started to dig into the default firmware in the hopes of finding a way to disable it.<br />
The device examined is a IsoStation AC so all findings are specific for this device, although it probably is very similar for all AirMAX AC devices.<br />
<br />
As of now I have not found a way to disable it but some things I found are interesting nonetheless so let's get started.<br />
<br />
== Linux System ==<br />
<br />
After logging in via SSH the first thing I noticed is the ancient Linux and GCC version of the firmware...<br />
<pre><br />
Linux version 2.6.32.68 (jenkins@1a1f8fa80aab) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.01 unknown) ) #1 Tue Jun 23 16:48:07 EEST 2020<br />
</pre><br />
<br />
While the firmware seems to be based on OpenWrt it doesn't really share anything in the userspace with OpenWrt (no overlayfs, no UCI, ...).<br />
<br />
The init system also is very different to OpenWrt with <code>/etc/init.d</code> being completely empty but all init scritps residing in <code>/etc/sysinit</code> and being called by a single entry in <code>/etc/rc.d</code>.<br />
<br />
== Main Radio ==<br />
<br />
The main radio is a <code>U-AME-G1-BR4A</code> which seems to be a customized version of the QCA988X v2 with added support for AirMAX hardware acceleration according to UBNT.<br />
When running normal OpenWrt on the device the radio accepts a normal, unmodified firmware for the QCA988X v2 and just works with the ath10k driver but without support for AirMAX (sadly).<br />
<br />
The driver used by UBNT seems to be some driver built by Atheros that is not the normal ath9k/ath10k driver as <code>lsmod</code> reports the following:<br />
<br />
<pre><br />
Module Size Used by Tainted: P <br />
ebt_redirect 880 0 <br />
ebt_mark 704 0 <br />
ebt_vlan 1552 0 <br />
ebt_stp 1840 0 <br />
ebt_pkttype 544 0 <br />
ebt_mark_m 624 0 <br />
ebt_limit 1200 0 <br />
ebt_among 2144 0 <br />
ebt_802_3 704 0 <br />
ebtable_nat 880 0 <br />
ebtable_filter 896 0 <br />
ebtable_broute 720 1 <br />
ebtables 15173 3 ebtable_nat,ebtable_filter,ebtable_broute<br />
ebt_ip6 1376 0 <br />
ebt_snat 864 0 <br />
ebt_dnat 800 0 <br />
ebt_arpreply 1040 0 <br />
ebt_ip 1248 0 <br />
ebt_arp 1552 0 <br />
ubnt_poll_host 150776 2 <br />
ath_dfs 1188829 1 <br />
em_text 1280 0 <br />
act_ipt 2400 0 <br />
sch_teql 3696 0 <br />
em_nbyte 688 0 <br />
sch_red 3472 0 <br />
cls_basic 3392 0 <br />
sch_gred 6288 0 <br />
em_meta 4608 0 <br />
em_cmp 720 0 <br />
sch_dsmark 3584 0 <br />
act_mirred 2176 0 <br />
em_u32 544 0 <br />
cls_tcindex 4160 0 <br />
cls_flow 5840 0 <br />
cls_route 5072 0 <br />
cls_fw 3264 0 <br />
sch_hfsc 14160 0 <br />
rssi_leds 2064 0 <br />
umac 2005522 2 ubnt_poll_host,rssi_leds<br />
ath_dfs_prescan 22736 0 <br />
ath_dev 221833 3 ath_dfs,umac,ath_dfs_prescan<br />
ath_spectral 24777 3 umac,ath_dev<br />
ath_rate_atheros 31174 1 ath_dev<br />
ath_hal 328906 3 umac,ath_dev,ath_rate_atheros<br />
asf 7121 7 ubnt_poll_host,ath_dfs,umac,ath_dfs_prescan,ath_dev,ath_spectral,ath_hal<br />
adf 10072 3 umac,ath_dev,ath_hal<br />
urd 54448 2 umac,ath_hal<br />
ip_gre 11952 0 <br />
pppoe 8160 0 <br />
pppox 1370 1 pppoe<br />
ppp_mppe 5168 0 <br />
ppp_async 6544 0 <br />
ppp_generic 20373 4 pppoe,pppox,ppp_mppe,ppp_async<br />
slhc 4971 1 ppp_generic<br />
nls_base 5102 0 <br />
ar724x_eth 54446 0 <br />
sha1_generic 1392 0 <br />
michael_mic 1552 0 <br />
md5 1440 0 <br />
hmac 2272 0 <br />
ecb 1296 0 <br />
des_generic 18377 0 <br />
arc4 832 0 <br />
aes_generic 30153 0 <br />
ts_fsm 2640 0 <br />
ts_bm 1440 0 <br />
ts_kmp 1296 0 <br />
crc_ccitt 1003 1 ppp_async<br />
ubnthal 303371 9 ubnt_poll_host,ath_dfs,rssi_leds,umac,ath_dev,ath_hal,ar724x_eth<br />
</pre><br />
<br />
While <code>iwconfig</code> seems to sort-of work (wlan0 is the same radio as ath0 and wlan1 is the same radio as airview1 which is replaced by ath1 if the management radio is enabled)<br />
<pre><br />
WA# iwconfig <br />
lo no wireless extensions.<br />
<br />
eth0 no wireless extensions.<br />
<br />
gre0 no wireless extensions.<br />
<br />
wifi1 no wireless extensions.<br />
<br />
teql0 no wireless extensions.<br />
<br />
br0 no wireless extensions.<br />
<br />
wifi0 no wireless extensions.<br />
<br />
ath0 IEEE 802.11ac ESSID:"" <br />
Mode:Managed Frequency:5.57 GHz Access Point: Not-Associated <br />
Bit Rate:0 kb/s Tx-Power=16 dBm <br />
RTS thr:off Fragment thr:off<br />
Center1-Freq: 5.57 GHz<br />
Encryption key:off<br />
Power Management:off<br />
Link Quality=0/94 Signal level=-96 dBm Noise level=-96 dBm<br />
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0<br />
Tx excessive retries:0 Invalid misc:0 Missed beacon:0<br />
<br />
airview1 IEEE 802.11na ESSID:"spectral" <br />
Mode:Monitor Frequency:4.92 GHz Access Point: Not-Associated <br />
Bit Rate:130 Mb/s Tx-Power=13 dBm <br />
RTS thr:off Fragment thr:off<br />
Center1-Freq: 4.92 GHz<br />
Encryption key:off<br />
Power Management:off<br />
Link Quality=0/94 Signal level=-96 dBm Noise level=-105 dBm<br />
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0<br />
Tx excessive retries:0 Invalid misc:0 Missed beacon:0<br />
</pre><br />
the <code>iw</code> tool does not work even though it is installed.<br />
<pre><br />
WA# iw list<br />
nl80211 not found.<br />
</pre><br />
<br />
The main radio is initialized using the following script in <code>/etc/sysinit</code>:<br />
<pre><br />
WA# cat radio.conf <br />
plugin_start() {<br />
insmod ath_dfs 1>/dev/null 2>&1 || true<br />
rmmod ubnt_poll_host 1>/dev/null 2>&1 || true<br />
echo 0 > /sys/module/umac/parameters/is_ubnt_ptp<br />
echo 0 > /sys/module/umac/parameters/tgdeb<br />
echo 1 > /sys/module/umac/parameters/is_ubnt_ff<br />
echo 0 > /sys/module/umac/parameters/ubnt_op_mode<br />
iwpriv "wifi0" SetTargetReset 0<br />
i=0; while [ $i -lt 3 ]; do [ ! -d /sys/class/net/wifi0 ] && break; i=$(($i+1)); sleep 1; done<br />
i=0; while [ $i -lt 3 ]; do sleep 1; [ -d /sys/class/net/wifi0 ] && break; i=$(($i+1)); done<br />
insmod ubnt_poll_host 1>/dev/null 2>&1 || true<br />
iwpriv "wifi0" setCountryID 40<br />
echo wifi0 0 1 1 > /proc/sys/dev/uph/addradio<br />
echo 1 > /proc/sys/dev/uph_wifi0/enable<br />
echo 0 > /proc/sys/dev/uph_wifi0/noack_mode<br />
echo 0 > /proc/sys/dev/uph_wifi0/daprot<br />
echo 2 0 > /proc/sys/dev/uph_wifi0/sta_priority<br />
echo 0 > /proc/sys/dev/uph_wifi0/ff_cap_rep<br />
echo 0 > /proc/sys/dev/uph_wifi0/cms_bias<br />
echo 10 > /proc/sys/dev/uph_wifi0/ff_mcast_airtime_limit<br />
echo 0 50 3 12 12 10 10 0 0 1 > /proc/sys/dev/uph_wifi0/fixed_frame<br />
echo 12 > /proc/sys/dev/uph_wifi0/sta_rx_rssi_th<br />
iwpriv "wifi0" band 2<br />
/sbin/wlanconfig "ath0" create wlandev wifi0 wlanmode ap > /dev/null 2>&1<br />
if [ $? -eq 0 ]; then<br />
echo wifi0 > /tmp/.wifi_ath0<br />
else<br />
echo "WLANCONFIG: ath0 could not created, waiting for 5 secs" > /dev/kmsg<br />
sleep 5;<br />
/sbin/wlanconfig "ath0" create wlandev wifi0 wlanmode ap > /dev/null 2>&1<br />
if [ $? -eq 0 ]; then<br />
echo wifi00 > /tmp/.wifi_ath00<br />
fi<br />
fi<br />
radartool -i "wifi0" dfsdebug 0x00000003 >/dev/null 2>&1<br />
iwpriv "ath0" mode 11ACVHT40<br />
iwpriv "wifi0" chanbw 40<br />
iwpriv "wifi0" RegObey 1<br />
iwpriv "wifi0" ant_gain 14<br />
iwpriv "wifi0" cable_loss 0<br />
iwpriv "wifi0" txchainmask 3<br />
iwpriv "wifi0" rxchainmask 3<br />
athchans -i ath0 0<br />
iwconfig "ath0" center1 5190M<br />
iwconfig "ath0" freq 5180M<br />
iwconfig "ath0" rate auto<br />
if [ -e /proc/sys/dev/ubnt_poll/no_ack_rate ]; then<br />
echo 1 -1 > /proc/sys/dev/ubnt_poll/no_ack_rate<br />
fi<br />
iwconfig "ath0" rts off<br />
iwconfig "ath0" txpower auto<br />
<br />
echo 0 0 0 0 -128 > /proc/sys/dev/uph_wifi0/atpc<br />
iwpriv "wifi0" ani_enable 0<br />
iwpriv "wifi0" sens_level -96<br />
iwpriv "ath0" shortgi 1<br />
iwpriv "ath0" cwmenable 0<br />
iwpriv "ath0" cwmmode 1<br />
iwpriv "wifi0" distance 600<br />
iwpriv "wifi0" damode 0<br />
iwpriv "wifi0" dacount 25<br />
iwpriv "ath0" puren 0<br />
iwpriv "wifi0" enable_ol_stats 1<br />
iwconfig "ath0" commit<br />
iwpriv "ath0" rc_mode 0<br />
true<br />
}<br />
plugin_stop() {<br />
killall scand<br />
pkill -9 radarmon<br />
ifconfig "wifi0" down<br />
/sbin/wlanconfig "ath0" destroy<br />
rm -f /tmp/.wifi_ath0<br />
rmmod ath_dfs 1>/dev/null 2>&1 || true<br />
true<br />
}<br />
</pre><br />
While I don't know yet how to disable AirMAX, the entries in <code>/proc/sys/dev/uph_wifi0</code> and <code>/sys/module/umac</code> look very promising to poke around with.<br />
<br />
== Management/Spectral-View Radio ==<br />
<br />
Next to the main radio the device has a dual Band 802.11abgn AR9340 radio.<br />
It is used either for the 2.4GHz management radio or the spectral view, which is why the spectral view is disabled while the management radio is enabled.<br />
When started in spectral view mode it is set to the 5GHz band and monitor mode, while it is set to 2.4GHz in normal HostAPd-driven AP mode.</div>XDjackieXD