ucentral: development update

* properly pass current firmware hash to the gateway * revert lldp downgrade patch * update ucentral-client - fixes zlib/b64 error * add radius disctionary to ucentral-defaults * several additional hostapd patches Signed-off-by: John Crispin <john@phrozen.org>
2025-11-02 03:17:48 +00:00 · 2021-05-03 10:44:10 +02:00
parent 6d859970b1
commit 1f1e7c2e04
11 changed files with 910 additions and 36 deletions
--- a/feeds/tip/tip-defaults/Makefile
+++ b/feeds/tip/tip-defaults/Makefile
@@ -0,0 +1,34 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=tip-defaults
+PKG_RELEASE:=1
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_MAINTAINER:=John Crispin <john@phrozen.org>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/tip-defaults
+  SECTION:=ucentral
+  CATEGORY:=uCentral
+  TITLE:=tip-defaults
+endef
+
+define Package/tip-defaults/description
+ The default configuration of the AP.
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Compile/Default
+
+endef
+Build/Compile = $(Build/Compile/Default)
+
+define Package/tip-defaults/install
+	$(CP) ./files/* $(1)
+endef
+
+$(eval $(call BuildPackage,tip-defaults))
--- a/feeds/tip/tip-defaults/files/etc/init.d/tip-version
+++ b/feeds/tip/tip-defaults/files/etc/init.d/tip-version
@@ -0,0 +1,7 @@
+#!/bin/sh /etc/rc.common
+
+START=80
+
+boot() {
+	cat /etc/openwrt_release | grep DISTRIB_TIP= | cut -d\' -f2 > /tmp/ucentral.version
+}
--- a/feeds/ucentral/ucentral-client/Makefile
+++ b/feeds/ucentral/ucentral-client/Makefile
@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-client.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=8e29a4b24a3d479eaa455cc7befe1a560f175f6a
+PKG_SOURCE_VERSION:=ec652948983318ff97b6ecd7a6564d0853a29c6f

 PKG_LICENSE:=BSD-3-Clause
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
--- a/feeds/ucentral/ucentral-client/files/etc/init.d/ucentral
+++ b/feeds/ucentral/ucentral-client/files/etc/init.d/ucentral
@@ -13,6 +13,8 @@ start_service() {
 	[ -f /etc/ucentral/capabilities.json ] || {
 		ucode -m ubus -E board=/etc/board.json /usr/share/ucentral/capabilities.uc > /etc/ucentral/capabilities.json 
 	}
+	
+	[ -f /tmp/ucentral.version ] || cat /etc/openwrt_release | grep DISTRIB_REVISION= | cut -d\' -f2 > /tmp/ucentral.version

 	. /lib/functions.sh
 	cp /etc/config-shadow/ucentral /etc/config/
@@ -31,6 +33,7 @@ start_service() {
 	[ -n "$reporting" ] && procd_append_param command -r $reporting
 	[ "$debug" -eq 0 ] || procd_append_param command -d
 	[ "$insecure" -eq 0 ] || procd_append_param command -i
+	procd_append_param command -f $(cat /tmp/ucentral.version)
 	procd_set_param respawn 3600 5 0
 	procd_close_instance
 }
--- a/feeds/ucentral/ucentral-schema/Makefile
+++ b/feeds/ucentral/ucentral-schema/Makefile
@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-schema.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=373bd335ec30162fecfda7bca016f65fa0e83825
+PKG_SOURCE_VERSION:=82c6dfe61218a015c95c0ba320d72ecac2d85f24

 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause
--- a/feeds/ucentral/ucentral-tools/Makefile
+++ b/feeds/ucentral/ucentral-tools/Makefile
@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-tools.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-01-28
-PKG_SOURCE_VERSION:=f828db9248fe1f25a8065195083e81faaab3bd3e
+PKG_SOURCE_VERSION:=b013fc636e48d407870a46aaa68a09ed74de8d6f

 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause
@@ -24,6 +24,7 @@ endef
 define Package/ucentral-tools/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/{dhcpdiscover,dnsprobe,radiusprobe,ip-collide} $(1)/usr/sbin/
+	$(CP) ./files/* $(1)
 endef

 $(eval $(call BuildPackage,ucentral-tools))
--- a/feeds/ucentral/ucentral-tools/files/etc/radcli/dictionary
+++ b/feeds/ucentral/ucentral-tools/files/etc/radcli/dictionary
@@ -0,0 +1,308 @@
+#
+# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl
+#
+#	This file contains dictionary translations for parsing
+#	requests and generating responses.  All transactions are
+#	composed of Attribute/Value Pairs.  The value of each attribute
+#	is specified as one of 4 data types.  Valid data types are:
+#
+#	string - 0-253 octets
+#	ipv4addr- 4 octets in network byte order
+#	ipv6addr  - 16 octets in network byte order
+#	ipv6prefix- up to 16 octets in network byte order, plus prefix length
+#	integer - 32 bit value in big endian order (high byte first)
+#	date - 32 bit value in big endian order - seconds since
+#					00:00:00 GMT,  Jan.  1,  1970
+#
+#	Enumerated values are stored in the user file with dictionary
+#	VALUE translations for easy administration.
+#
+#	Example:
+#
+#	ATTRIBUTE	  VALUE
+#	---------------   -----
+#	Framed-Protocol = PPP
+#	7		= 1	(integer encoding)
+#
+
+#
+#	Following are the proper new names. Use these.
+#
+ATTRIBUTE	User-Name		1	string
+ATTRIBUTE	Password		2	string
+ATTRIBUTE	CHAP-Password		3	string
+ATTRIBUTE	NAS-IP-Address		4	ipv4addr
+ATTRIBUTE	NAS-Port-Id		5	integer
+ATTRIBUTE	Service-Type		6	integer
+ATTRIBUTE	Framed-Protocol		7	integer
+ATTRIBUTE	Framed-IP-Address	8	ipv4addr
+ATTRIBUTE	Framed-IP-Netmask	9	ipv4addr
+ATTRIBUTE	Framed-Routing		10	integer
+ATTRIBUTE	Filter-Id		11	string
+ATTRIBUTE	Framed-MTU		12	integer
+ATTRIBUTE	Framed-Compression	13	integer
+ATTRIBUTE	Login-IP-Host		14	ipv4addr
+ATTRIBUTE	Login-Service		15	integer
+ATTRIBUTE	Login-TCP-Port		16	integer
+ATTRIBUTE	Reply-Message		18	string
+ATTRIBUTE	Callback-Number		19	string
+ATTRIBUTE	Callback-Id		20	string
+ATTRIBUTE	Framed-Route		22	string
+ATTRIBUTE	Framed-IPX-Network	23	ipv4addr
+ATTRIBUTE	State			24	string
+ATTRIBUTE	Class			25	string
+ATTRIBUTE	Vendor-Specific		26	string
+ATTRIBUTE	Session-Timeout		27	integer
+ATTRIBUTE	Idle-Timeout		28	integer
+ATTRIBUTE	Termination-Action	29	integer
+ATTRIBUTE	Called-Station-Id	30	string
+ATTRIBUTE	Calling-Station-Id	31	string
+ATTRIBUTE	NAS-Identifier		32	string
+ATTRIBUTE	Proxy-State		33	string
+ATTRIBUTE	Login-LAT-Service	34	string
+ATTRIBUTE	Login-LAT-Node		35	string
+ATTRIBUTE	Login-LAT-Group		36	string
+ATTRIBUTE	Framed-AppleTalk-Link	37	integer
+ATTRIBUTE	Framed-AppleTalk-Network	38	integer
+ATTRIBUTE	Framed-AppleTalk-Zone	39	string
+ATTRIBUTE	Acct-Status-Type	40	integer
+ATTRIBUTE	Acct-Delay-Time		41	integer
+ATTRIBUTE	Acct-Input-Octets	42	integer
+ATTRIBUTE	Acct-Output-Octets	43	integer
+ATTRIBUTE	Acct-Session-Id		44	string
+ATTRIBUTE	Acct-Authentic		45	integer
+ATTRIBUTE	Acct-Session-Time	46	integer
+ATTRIBUTE	Acct-Input-Packets	47	integer
+ATTRIBUTE	Acct-Output-Packets	48	integer
+ATTRIBUTE	Acct-Terminate-Cause	49	integer
+ATTRIBUTE	Acct-Multi-Session-Id	50	string
+ATTRIBUTE	Acct-Link-Count		51	integer
+ATTRIBUTE	Acct-Input-Gigawords	52	integer
+ATTRIBUTE	Acct-Output-Gigawords	53	integer
+ATTRIBUTE	Event-Timestamp		55	integer
+ATTRIBUTE	Egress-VLANID		56	string
+ATTRIBUTE	Ingress-Filters		57	integer
+ATTRIBUTE	Egress-VLAN-Name	58	string
+ATTRIBUTE	User-Priority-Table	59	string
+ATTRIBUTE	CHAP-Challenge		60	string
+ATTRIBUTE	NAS-Port-Type		61	integer
+ATTRIBUTE	Port-Limit		62	integer
+ATTRIBUTE	Login-LAT-Port		63	integer
+ATTRIBUTE	Tunnel-Type		64	string
+ATTRIBUTE	Tunnel-Medium-Type	65	string
+ATTRIBUTE	Tunnel-Client-Endpoint	66	string
+ATTRIBUTE	Tunnel-Server-Endpoint	67	string
+ATTRIBUTE	Acct-Tunnel-Connection	68	string
+ATTRIBUTE	Tunnel-Password		69	string
+ATTRIBUTE	ARAP-Password		70	string
+ATTRIBUTE	ARAP-Features		71	string
+ATTRIBUTE	ARAP-Zone-Access	72	integer
+ATTRIBUTE	ARAP-Security		73	integer
+ATTRIBUTE	ARAP-Security-Data	74	string
+ATTRIBUTE	Password-Retry		75	integer
+ATTRIBUTE	Prompt			76	integer
+ATTRIBUTE	Connect-Info		77	string
+ATTRIBUTE	Configuration-Token	78	string
+ATTRIBUTE	EAP-Message		79	string
+ATTRIBUTE	Message-Authenticator	80	string
+ATTRIBUTE	Tunnel-Private-Group-ID	81	string
+ATTRIBUTE	Tunnel-Assignment-ID	82	string
+ATTRIBUTE	Tunnel-Preference	83	string
+ATTRIBUTE	ARAP-Challenge-Response	84	string
+ATTRIBUTE	Acct-Interim-Interval	85	integer
+ATTRIBUTE	Acct-Tunnel-Packets-Lost	86	integer
+ATTRIBUTE	NAS-Port-Id-String	87	string
+ATTRIBUTE	Framed-Pool		88	string
+ATTRIBUTE	Chargeable-User-Identity	89	string
+ATTRIBUTE	Tunnel-Client-Auth-ID	90	string
+ATTRIBUTE	Tunnel-Server-Auth-ID	91	string
+ATTRIBUTE	NAS-Filter-Rule		92	string
+ATTRIBUTE	Originating-Line-Info	94	string
+ATTRIBUTE	NAS-IPv6-Address	95	ipv6addr
+ATTRIBUTE	Framed-Interface-Id	96	string
+ATTRIBUTE	Framed-IPv6-Prefix	97	ipv6prefix
+ATTRIBUTE	Login-IPv6-Host		98	ipv6addr
+ATTRIBUTE	Framed-IPv6-Route	99	string
+ATTRIBUTE	Framed-IPv6-Pool	100	string
+ATTRIBUTE	Error-Cause		101	integer
+ATTRIBUTE	EAP-Key-Name		102	string
+
+#
+#	RFC6911 IPv6 attributes
+#
+ATTRIBUTE       Delegated-IPv6-Prefix   123     ipv6prefix
+ATTRIBUTE	Framed-IPv6-Address	168	ipv6addr
+ATTRIBUTE	DNS-Server-IPv6-Address	169	ipv6addr
+ATTRIBUTE	Route-IPv6-Information	170	ipv6prefix
+
+ATTRIBUTE	Huntgroup-Name		221	string
+#
+#	Non-Protocol Attributes
+#	These attributes are used internally by the server
+#
+ATTRIBUTE	Expiration		  21	date
+ATTRIBUTE	Auth-Type		1000	integer
+ATTRIBUTE	Menu			1001	string
+ATTRIBUTE	Termination-Menu	1002	string
+ATTRIBUTE	Prefix			1003	string
+ATTRIBUTE	Suffix			1004	string
+ATTRIBUTE	Group			1005	string
+ATTRIBUTE	Crypt-Password		1006	string
+ATTRIBUTE	Connect-Rate		1007	integer
+ATTRIBUTE	User-Category		1029	string
+ATTRIBUTE	Group-Name		1030	string
+ATTRIBUTE	Simultaneous-Use	1034	integer
+ATTRIBUTE	Strip-User-Name		1035	integer
+ATTRIBUTE	Fall-Through		1036	integer
+ATTRIBUTE	Add-Port-To-IP-Address	1037	integer
+ATTRIBUTE	Exec-Program		1038	string
+ATTRIBUTE	Exec-Program-Wait	1039	string
+ATTRIBUTE	Hint			1040	string
+
+
+#
+#	Integer Translations
+#
+
+#	User Types
+
+VALUE		Service-Type		Login-User		1
+VALUE		Service-Type		Framed-User		2
+VALUE		Service-Type		Callback-Login-User	3
+VALUE		Service-Type		Callback-Framed-User	4
+VALUE		Service-Type		Outbound-User		5
+VALUE		Service-Type		Administrative-User	6
+VALUE		Service-Type		NAS-Prompt-User		7
+VALUE		Service-Type		Authenticate-Only	8
+VALUE		Service-Type		Callback-NAS-Prompt	9
+VALUE		Service-Type		Call-Check		10
+VALUE		Service-Type		Callback-Administrative	11
+
+#	Framed Protocols
+
+VALUE		Framed-Protocol		PPP			1
+VALUE		Framed-Protocol		SLIP			2
+VALUE		Framed-Protocol		ARAP			3
+VALUE		Framed-Protocol		GANDALF-SLMLP		4
+VALUE		Framed-Protocol		XYLOGICS-IPX-SLIP	5
+VALUE		Framed-Protocol		X75			6
+
+#	Framed Routing Values
+
+VALUE		Framed-Routing		None			0
+VALUE		Framed-Routing		Broadcast		1
+VALUE		Framed-Routing		Listen			2
+VALUE		Framed-Routing		Broadcast-Listen	3
+
+#	Framed Compression Types
+
+VALUE		Framed-Compression	None			0
+VALUE		Framed-Compression	Van-Jacobson-TCP-IP	1
+VALUE		Framed-Compression	IPX-Header		2
+VALUE		Framed-Compression	Stac-LZS		3
+
+#	Login Services
+
+VALUE		Login-Service		Telnet			0
+VALUE		Login-Service		Rlogin			1
+VALUE		Login-Service		TCP-Clear		2
+VALUE		Login-Service		PortMaster		3
+VALUE		Login-Service		LAT			4
+VALUE		Login-Service		X.25-PAD		5
+VALUE		Login-Service		X.25-T3POS		6
+VALUE		Login-Service		TCP-Clear-Quiet		8
+
+#	Status Types
+
+VALUE		Acct-Status-Type	Start			1
+VALUE		Acct-Status-Type	Stop			2
+VALUE		Acct-Status-Type	Alive			3
+VALUE		Acct-Status-Type	Accounting-On		7
+VALUE		Acct-Status-Type	Accounting-Off		8
+
+#	Authentication Types
+
+VALUE		Acct-Authentic		RADIUS			1
+VALUE		Acct-Authentic		Local			2
+VALUE		Acct-Authentic		Remote			3
+
+#	Termination Options
+
+VALUE		Termination-Action	Default			0
+VALUE		Termination-Action	RADIUS-Request		1
+
+#	NAS Port Types, available in 3.3.1 and later
+
+VALUE		NAS-Port-Type		Async			0
+VALUE		NAS-Port-Type		Sync			1
+VALUE		NAS-Port-Type		ISDN			2
+VALUE		NAS-Port-Type		ISDN-V120		3
+VALUE		NAS-Port-Type		ISDN-V110		4
+VALUE		NAS-Port-Type		Virtual			5
+VALUE		NAS-Port-Type		PIAFS			6
+VALUE		NAS-Port-Type		HDLC-Clear-Channel	7
+VALUE		NAS-Port-Type		X.25			8
+VALUE		NAS-Port-Type		X.75			9
+VALUE		NAS-Port-Type		G.3-Fax			10
+VALUE		NAS-Port-Type		SDSL			11
+VALUE		NAS-Port-Type		ADSL-CAP		12
+VALUE		NAS-Port-Type		ADSL-DMT		13
+VALUE		NAS-Port-Type		IDSL			14
+VALUE		NAS-Port-Type		Ethernet		15
+
+#	Acct Terminate Causes, available in 3.3.2 and later
+
+VALUE           Acct-Terminate-Cause    User-Request            1
+VALUE           Acct-Terminate-Cause    Lost-Carrier            2
+VALUE           Acct-Terminate-Cause    Lost-Service            3
+VALUE           Acct-Terminate-Cause    Idle-Timeout            4
+VALUE           Acct-Terminate-Cause    Session-Timeout         5
+VALUE           Acct-Terminate-Cause    Admin-Reset             6
+VALUE           Acct-Terminate-Cause    Admin-Reboot            7
+VALUE           Acct-Terminate-Cause    Port-Error              8
+VALUE           Acct-Terminate-Cause    NAS-Error               9
+VALUE           Acct-Terminate-Cause    NAS-Request             10
+VALUE           Acct-Terminate-Cause    NAS-Reboot              11
+VALUE           Acct-Terminate-Cause    Port-Unneeded           12
+VALUE           Acct-Terminate-Cause    Port-Preempted          13
+VALUE           Acct-Terminate-Cause    Port-Suspended          14
+VALUE           Acct-Terminate-Cause    Service-Unavailable     15
+VALUE           Acct-Terminate-Cause    Callback                16
+VALUE           Acct-Terminate-Cause    User-Error              17
+VALUE           Acct-Terminate-Cause    Host-Request            18
+
+#
+#	Non-Protocol Integer Translations
+#
+
+VALUE		Auth-Type		Local			0
+VALUE		Auth-Type		System			1
+VALUE		Auth-Type		SecurID			2
+VALUE		Auth-Type		Crypt-Local		3
+VALUE		Auth-Type		Reject			4
+
+#
+#	Cistron extensions
+#
+VALUE		Auth-Type		Pam			253
+VALUE		Auth-Type		Accept			254
+
+#
+#	Experimental Non-Protocol Integer Translations for Cistron-Radiusd
+#
+VALUE		Fall-Through		No			0
+VALUE		Fall-Through		Yes			1
+VALUE		Add-Port-To-IP-Address	No			0
+VALUE		Add-Port-To-IP-Address	Yes			1
+
+#
+#	Configuration Values
+#	uncomment these two lines to turn account expiration on
+#
+
+#VALUE		Server-Config		Password-Expiration	30
+#VALUE		Server-Config		Password-Warning	5
+
+#$INCLUDE /etc/radcli/dictionary.microsoft
+#$INCLUDE /etc/radcli/dictionary.roaringpenguin
+
--- a/patches/0018-Revert-lldpd-bump-to-1.0.7.patch
+++ b/patches/0018-Revert-lldpd-bump-to-1.0.7.patch
@@ -1,33 +0,0 @@
-From 84c59b23827969a2842d407d59cfd2aa4e50e4c2 Mon Sep 17 00:00:00 2001
-From: John Crispin <john@phrozen.org>
-Date: Wed, 9 Dec 2020 11:17:14 +0100
-Subject: [PATCH 18/21] Revert "lldpd: bump to 1.0.7"
-
-This reverts commit c5ea37af7e4ce681c93c8b727a7fdf1f795db0ed.
---
- package/network/services/lldpd/Makefile | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/package/network/services/lldpd/Makefile b/package/network/services/lldpd/Makefile
-index 74d6791091..7c00685008 100644
--- a/package/network/services/lldpd/Makefile
-+++ b/package/network/services/lldpd/Makefile
-@@ -8,12 +8,12 @@
- include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=lldpd
-PKG_VERSION:=1.0.7
-PKG_RELEASE:=1
-+PKG_VERSION:=1.0.5
-+PKG_RELEASE:=2
- 
- PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
- PKG_SOURCE_URL:=https://media.luffy.cx/files/lldpd
-PKG_HASH:=1df79179d489c841b49265f2ab5ff05f284a647e95862d2f3c02b3fb079a87e1
-+PKG_HASH:=2dd3b212f4dbabfcbb2794c0010b245f9f8e74b387984e757be6243a74c6cb99
- 
- PKG_MAINTAINER:=Stijn Tintel <stijn@linux-ipv6.be>
- PKG_LICENSE:=ISC
-- 
-2.25.1
-
--- a/patches/0032-hostapd-enhance-ubus-interface.patch
+++ b/patches/0032-hostapd-enhance-ubus-interface.patch
@@ -0,0 +1,299 @@
+From 862774f19f666ddf03ce4d51396a7b6f3ac554ef Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Thu, 29 Apr 2021 10:50:06 +0200
+Subject: [PATCH 1/2] hostapd: enhance ubus interface
+
+* add a notification to the radar detected event
+* fix csa on multi bssid interfaces
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ .../hostapd/patches/600-ubus_support.patch    | 103 +++++++++++++-----
+ .../services/hostapd/src/src/ap/ubus.c        |  20 +++-
+ .../services/hostapd/src/src/ap/ubus.h        |   7 ++
+ 3 files changed, 98 insertions(+), 32 deletions(-)
+
+diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
+index 938840755a..bd5d13b6ad 100644
+--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
+@@ -1,5 +1,7 @@
+---- a/hostapd/Makefile
+-+++ b/hostapd/Makefile
+Index: hostapd-2020-06-08-5a8b3662/hostapd/Makefile
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/hostapd/Makefile
++++ hostapd-2020-06-08-5a8b3662/hostapd/Makefile
+ @@ -171,6 +171,11 @@ OBJS += ../src/common/hw_features_common
+  
+  OBJS += ../src/eapol_auth/eapol_auth_sm.o
+@@ -12,8 +14,10 @@
+  
+  ifdef CONFIG_CODE_COVERAGE
+  CFLAGS += -O0 -fprofile-arcs -ftest-coverage
+---- a/src/ap/hostapd.h
+-+++ b/src/ap/hostapd.h
+Index: hostapd-2020-06-08-5a8b3662/src/ap/hostapd.h
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/hostapd.h
++++ hostapd-2020-06-08-5a8b3662/src/ap/hostapd.h
+ @@ -17,6 +17,7 @@
+  #include "utils/list.h"
+  #include "ap_config.h"
+@@ -47,8 +51,10 @@
+  void hostapd_interface_deinit(struct hostapd_iface *iface);
+  void hostapd_interface_free(struct hostapd_iface *iface);
+  struct hostapd_iface * hostapd_alloc_iface(void);
+---- a/src/ap/hostapd.c
+-+++ b/src/ap/hostapd.c
+Index: hostapd-2020-06-08-5a8b3662/src/ap/hostapd.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/hostapd.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/hostapd.c
+ @@ -395,6 +395,7 @@ void hostapd_free_hapd_data(struct hosta
+  	hapd->beacon_set_done = 0;
+  
+@@ -90,8 +96,10 @@
+  	hostapd_interface_deinit(iface);
+  	wpa_printf(MSG_DEBUG, "%s: driver=%p drv_priv=%p -> hapd_deinit",
+  		   __func__, driver, drv_priv);
+---- a/src/ap/ieee802_11.c
+-+++ b/src/ap/ieee802_11.c
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ieee802_11.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/ieee802_11.c
+ @@ -2327,13 +2327,18 @@ static void handle_auth(struct hostapd_d
+  	u16 auth_alg, auth_transaction, status_code;
+  	u16 resp = WLAN_STATUS_SUCCESS;
+@@ -179,8 +187,10 @@
+  	sta = ap_get_sta(hapd, mgmt->sa);
+  	if (sta == NULL) {
+  		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
+---- a/src/ap/beacon.c
+-+++ b/src/ap/beacon.c
+Index: hostapd-2020-06-08-5a8b3662/src/ap/beacon.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/beacon.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/beacon.c
+ @@ -814,6 +814,12 @@ void handle_probe_req(struct hostapd_dat
+  	u16 csa_offs[2];
+  	size_t csa_offs_len;
+@@ -207,8 +217,10 @@
+  	/* TODO: verify that supp_rates contains at least one matching rate
+  	 * with AP configuration */
+  
+---- a/src/ap/drv_callbacks.c
+-+++ b/src/ap/drv_callbacks.c
+Index: hostapd-2020-06-08-5a8b3662/src/ap/drv_callbacks.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/drv_callbacks.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/drv_callbacks.c
+ @@ -119,6 +119,10 @@ int hostapd_notif_assoc(struct hostapd_d
+  	u16 reason = WLAN_REASON_UNSPECIFIED;
+  	int status = WLAN_STATUS_SUCCESS;
+@@ -233,8 +245,10 @@
+  #ifdef CONFIG_P2P
+  	if (elems.p2p) {
+  		wpabuf_free(sta->p2p_ie);
+---- a/src/ap/sta_info.c
+-+++ b/src/ap/sta_info.c
+Index: hostapd-2020-06-08-5a8b3662/src/ap/sta_info.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/sta_info.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/sta_info.c
+ @@ -424,6 +424,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+  			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
+  			       "local deauth request");
+@@ -259,8 +273,10 @@
+  
+  		if (hapd->msg_ctx_parent &&
+  		    hapd->msg_ctx_parent != hapd->msg_ctx)
+---- a/src/ap/wpa_auth_glue.c
+-+++ b/src/ap/wpa_auth_glue.c
+Index: hostapd-2020-06-08-5a8b3662/src/ap/wpa_auth_glue.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/wpa_auth_glue.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/wpa_auth_glue.c
+ @@ -259,6 +259,7 @@ static void hostapd_wpa_auth_psk_failure
+  	struct hostapd_data *hapd = ctx;
+  	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
+@@ -269,8 +285,10 @@
+  }
+  
+  
+---- a/wpa_supplicant/Makefile
+-+++ b/wpa_supplicant/Makefile
+Index: hostapd-2020-06-08-5a8b3662/wpa_supplicant/Makefile
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/wpa_supplicant/Makefile
++++ hostapd-2020-06-08-5a8b3662/wpa_supplicant/Makefile
+ @@ -190,6 +190,12 @@ ifdef CONFIG_EAPOL_TEST
+  CFLAGS += -Werror -DEAPOL_TEST
+  endif
+@@ -294,8 +312,10 @@
+  endif
+  
+  CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
+---- a/wpa_supplicant/wpa_supplicant.c
+-+++ b/wpa_supplicant/wpa_supplicant.c
+Index: hostapd-2020-06-08-5a8b3662/wpa_supplicant/wpa_supplicant.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/wpa_supplicant/wpa_supplicant.c
++++ hostapd-2020-06-08-5a8b3662/wpa_supplicant/wpa_supplicant.c
+ @@ -6794,6 +6794,8 @@ struct wpa_supplicant * wpa_supplicant_a
+  	}
+  #endif /* CONFIG_P2P */
+@@ -327,8 +347,10 @@
+  	return 0;
+  }
+  
+---- a/wpa_supplicant/wpa_supplicant_i.h
+-+++ b/wpa_supplicant/wpa_supplicant_i.h
+Index: hostapd-2020-06-08-5a8b3662/wpa_supplicant/wpa_supplicant_i.h
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/wpa_supplicant/wpa_supplicant_i.h
++++ hostapd-2020-06-08-5a8b3662/wpa_supplicant/wpa_supplicant_i.h
+ @@ -17,6 +17,7 @@
+  #include "wps/wps_defs.h"
+  #include "config_ssid.h"
+@@ -354,8 +376,10 @@
+  #ifdef CONFIG_MATCH_IFACE
+  	int matched;
+  #endif /* CONFIG_MATCH_IFACE */
+---- a/wpa_supplicant/wps_supplicant.c
+-+++ b/wpa_supplicant/wps_supplicant.c
+Index: hostapd-2020-06-08-5a8b3662/wpa_supplicant/wps_supplicant.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/wpa_supplicant/wps_supplicant.c
++++ hostapd-2020-06-08-5a8b3662/wpa_supplicant/wps_supplicant.c
+ @@ -33,6 +33,7 @@
+  #include "p2p/p2p.h"
+  #include "p2p_supplicant.h"
+@@ -373,8 +397,10 @@
+  	if (wpa_s->conf->wps_cred_processing == 1)
+  		return 0;
+  
+---- a/hostapd/main.c
+-+++ b/hostapd/main.c
+Index: hostapd-2020-06-08-5a8b3662/hostapd/main.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/hostapd/main.c
++++ hostapd-2020-06-08-5a8b3662/hostapd/main.c
+ @@ -896,6 +896,7 @@ int main(int argc, char *argv[])
+  	}
+  
+@@ -391,8 +417,10 @@
+  	hostapd_global_ctrl_iface_deinit(&interfaces);
+  	/* Deinitialize all interfaces */
+  	for (i = 0; i < interfaces.count; i++) {
+---- a/wpa_supplicant/main.c
+-+++ b/wpa_supplicant/main.c
+Index: hostapd-2020-06-08-5a8b3662/wpa_supplicant/main.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/wpa_supplicant/main.c
++++ hostapd-2020-06-08-5a8b3662/wpa_supplicant/main.c
+ @@ -203,7 +203,7 @@ int main(int argc, char *argv[])
+  
+  	for (;;) {
+@@ -412,8 +440,10 @@
+  		case 'o':
+  			params.override_driver = optarg;
+  			break;
+---- a/src/ap/rrm.c
+-+++ b/src/ap/rrm.c
+Index: hostapd-2020-06-08-5a8b3662/src/ap/rrm.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/rrm.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/rrm.c
+ @@ -89,6 +89,9 @@ static void hostapd_handle_beacon_report
+  		return;
+  	wpa_msg(hapd->msg_ctx, MSG_INFO, BEACON_RESP_RX MACSTR " %u %02x %s",
+@@ -424,3 +454,16 @@
+  }
+  
+  
+Index: hostapd-2020-06-08-5a8b3662/src/ap/dfs.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/dfs.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/dfs.c
+@@ -1179,6 +1179,8 @@ int hostapd_dfs_radar_detected(struct ho
+ 		"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
+ 		freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
+ 
++	hostapd_ubus_notify_radar_detected(iface->bss[0], freq, cf1, cf2);
++
+ 	/* Proceed only if DFS is not offloaded to the driver */
+ 	if (iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD)
+ 		return 0;
+diff --git a/package/network/services/hostapd/src/src/ap/ubus.c b/package/network/services/hostapd/src/src/ap/ubus.c
+index d03b848f94..92851077ad 100644
+--- a/package/network/services/hostapd/src/src/ap/ubus.c
+++ b/package/network/services/hostapd/src/src/ap/ubus.c
+@@ -728,6 +728,7 @@ hostapd_switch_chan(struct ubus_context *ctx, struct ubus_object *obj,
+ 	struct blob_attr *tb[__CSA_MAX];
+ 	struct hostapd_data *hapd = get_hapd_from_object(obj);
+ 	struct csa_settings css;
+	int i;
+ 
+ 	blobmsg_parse(csa_policy, __CSA_MAX, tb, blob_data(msg), blob_len(msg));
+ 
+@@ -752,9 +753,10 @@ hostapd_switch_chan(struct ubus_context *ctx, struct ubus_object *obj,
+ 	SET_CSA_SETTING(CSA_VHT, freq_params.vht_enabled, bool);
+ 	SET_CSA_SETTING(CSA_BLOCK_TX, block_tx, bool);
+ 
+	for (i = 0; i < hapd->iface->num_bss; i++)
+		if (hostapd_switch_channel(hapd->iface->bss[i], &css) != 0)
+			return UBUS_STATUS_NOT_SUPPORTED;
+ 
+-	if (hostapd_switch_channel(hapd, &css) != 0)
+-		return UBUS_STATUS_NOT_SUPPORTED;
+ 	return UBUS_STATUS_OK;
+ #undef SET_CSA_SETTING
+ }
+@@ -1550,3 +1552,17 @@ void hostapd_ubus_notify_beacon_report(
+ 
+ 	ubus_notify(ctx, &hapd->ubus.obj, "beacon-report", b.head, -1);
+ }
+
+void hostapd_ubus_notify_radar_detected(struct hostapd_data *hapd, u16 frequency,
+					u16 cf1, u16 cf2)
+{
+	if (!hapd->ubus.obj.has_subscribers)
+		return;
+
+	blob_buf_init(&b, 0);
+	blobmsg_add_u16(&b, "frequency", frequency);
+	blobmsg_add_u16(&b, "center1", cf1);
+	blobmsg_add_u16(&b, "center2", cf2);
+
+	ubus_notify(ctx, &hapd->ubus.obj, "radar-detected", b.head, -1);
+}
+diff --git a/package/network/services/hostapd/src/src/ap/ubus.h b/package/network/services/hostapd/src/src/ap/ubus.h
+index e16017394f..f84c8a91f5 100644
+--- a/package/network/services/hostapd/src/src/ap/ubus.h
+++ b/package/network/services/hostapd/src/src/ap/ubus.h
+@@ -50,6 +50,8 @@ void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
+ 				       const u8 *addr, u8 token, u8 rep_mode,
+ 				       struct rrm_measurement_beacon_report *rep,
+ 				       size_t len);
+void hostapd_ubus_notify_radar_detected(struct hostapd_data *hapd,
+					u16 frequency, u16 cf1, u16 cf2);
+ 
+ void hostapd_ubus_add(struct hapd_interfaces *interfaces);
+ void hostapd_ubus_free(struct hapd_interfaces *interfaces);
+@@ -91,6 +93,11 @@ static inline void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
+ {
+ }
+ 
+static inline void hostapd_ubus_notify_radar_detected(struct hostapd_data *hapd, u16 frequency,
+						      u16 cf1, u16 cf2)
+{
+}
+
+ static inline void hostapd_ubus_add(struct hapd_interfaces *interfaces)
+ {
+ }
+-- 
+2.25.1
+
--- a/patches/0033-hostapd-add-more-options.patch
+++ b/patches/0033-hostapd-add-more-options.patch
@@ -0,0 +1,253 @@
+From 1dc0dfaf92236247d6d0535d56687d7b1aa032c1 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Thu, 29 Apr 2021 10:51:46 +0200
+Subject: [PATCH 2/2] hostapd: add more options
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ .../network/services/hostapd/files/hostapd.sh |  20 +++-
+ ..._request-ignore-when-rssi-is-too-low.patch |  65 ++++++++++++
+ .../hostapd/patches/803-max-sta-limit.patch   | 100 ++++++++++++++++++
+ 3 files changed, 184 insertions(+), 1 deletion(-)
+ create mode 100644 package/network/services/hostapd/patches/802-probe_request-ignore-when-rssi-is-too-low.patch
+ create mode 100644 package/network/services/hostapd/patches/803-max-sta-limit.patch
+
+diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
+index eaff318c97..923f57a33d 100644
+--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
+@@ -49,6 +49,7 @@ hostapd_append_wpa_key_mgmt() {
+ 		eap192)
+ 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+ 			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
+ 		;;
+ 		eap-eap192)
+ 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+@@ -344,6 +345,11 @@ hostapd_common_add_bss_config() {
+ 
+ 	config_add_int eap_server
+ 	config_add_string eap_user_file ca_cert server_cert private_key private_key_passwd server_id
+
+	config_add_int beacon_rate
+	config_add_int rssi_reject_assoc_rssi
+	config_add_int rssi_ignore_probe_request
+	config_add_boolean multicast_to_unicast proxy_arp
+ }
+ 
+ hostapd_set_vlan_file() {
+@@ -511,7 +517,9 @@ hostapd_set_bss_options() {
+ 		multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key skip_inactivity_poll \
+ 		airtime_bss_weight airtime_bss_limit airtime_sta_weight \
+ 		multicast_to_unicast per_sta_vif rts_threshold \
+-		eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id
+		eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id \
+		rssi_reject_assoc_rssi rssi_ignore_probe_request \
+		beacon_rate proxy_arp multicast_to_unicast
+ 
+ 	set_default isolate 0
+ 	set_default maxassoc 0
+@@ -534,6 +542,10 @@ hostapd_set_bss_options() {
+ 	set_default airtime_bss_limit 0
+ 	set_default rts_threshold -1
+ 	set_default eap_server 0
+	set_default proxy_arp 0
+	set_default multicast_to_unicast 0
+	set_default rssi_reject_assoc_rssi 0
+	set_default rssi_ignore_probe_request 0
+ 
+ 	append bss_conf "ctrl_interface=/var/run/hostapd"
+ 	if [ "$isolate" -gt 0 ]; then
+@@ -562,6 +574,12 @@ hostapd_set_bss_options() {
+ 	append bss_conf "multi_ap=$multi_ap" "$N"
+ 	append bss_conf "rts_threshold=$rts_threshold" "$N"
+ 
+	[ -n "$rssi_reject_assoc_rssi" ] && append bss_conf "rssi_reject_assoc_rssi=$rssi_reject_assoc_rssi" "$N"
+	[ -n "$rssi_ignore_probe_request" ] && append bss_conf "rssi_ignore_probe_request=$rssi_ignore_probe_request" "$N"
+	[ -n "$beacon_rate" ] && append bss_conf "beacon_rate=$beacon_rate" "$N"
+	[ -n "$proxy_arp" ] && append bss_conf "proxy_arp=$proxy_arp" "$N"
+	[ -n "$multicast_to_unicast" ] && append bss_conf "multicast_to_unicast=$multicast_to_unicast" "$N"
+
+ 	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
+ 
+ 	[ "$wpa" -gt 0 ] && {
+diff --git a/package/network/services/hostapd/patches/802-probe_request-ignore-when-rssi-is-too-low.patch b/package/network/services/hostapd/patches/802-probe_request-ignore-when-rssi-is-too-low.patch
+new file mode 100644
+index 0000000000..eecfdcc388
+--- /dev/null
+++ b/package/network/services/hostapd/patches/802-probe_request-ignore-when-rssi-is-too-low.patch
+@@ -0,0 +1,65 @@
+From e15b04870a7d7517a9b129d8d5cbebe6b8a25cb8 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Wed, 29 Jul 2020 17:38:15 +0200
+Subject: [PATCH 1/2] probe_request: ignore when rssi is too low
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ hostapd/config_file.c | 2 ++
+ src/ap/ap_config.c    | 1 +
+ src/ap/ap_config.h    | 1 +
+ src/ap/beacon.c       | 4 ++++
+ 4 files changed, 8 insertions(+)
+
+Index: hostapd-2020-06-08-5a8b3662/hostapd/config_file.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/hostapd/config_file.c
++++ hostapd-2020-06-08-5a8b3662/hostapd/config_file.c
+@@ -4552,6 +4552,8 @@ static int hostapd_config_fill(struct ho
+ 		conf->rssi_reject_assoc_rssi = atoi(pos);
+ 	} else if (os_strcmp(buf, "rssi_reject_assoc_timeout") == 0) {
+ 		conf->rssi_reject_assoc_timeout = atoi(pos);
++	} else if (os_strcmp(buf, "rssi_ignore_probe_request") == 0) {
++		conf->rssi_ignore_probe_request = atoi(pos);
+ 	} else if (os_strcmp(buf, "pbss") == 0) {
+ 		bss->pbss = atoi(pos);
+ 	} else if (os_strcmp(buf, "transition_disable") == 0) {
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ap_config.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ap_config.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/ap_config.c
+@@ -277,6 +277,7 @@ struct hostapd_config * hostapd_config_d
+ 
+ 	conf->rssi_reject_assoc_rssi = 0;
+ 	conf->rssi_reject_assoc_timeout = 30;
++	conf->rssi_ignore_probe_request = 0;
+ 
+ #ifdef CONFIG_AIRTIME_POLICY
+ 	conf->airtime_update_interval = AIRTIME_DEFAULT_UPDATE_INTERVAL;
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ap_config.h
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ap_config.h
++++ hostapd-2020-06-08-5a8b3662/src/ap/ap_config.h
+@@ -1051,6 +1051,7 @@ struct hostapd_config {
+ 
+ 	int rssi_reject_assoc_rssi;
+ 	int rssi_reject_assoc_timeout;
++	int rssi_ignore_probe_request;
+ 
+ #ifdef CONFIG_AIRTIME_POLICY
+ 	enum {
+Index: hostapd-2020-06-08-5a8b3662/src/ap/beacon.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/beacon.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/beacon.c
+@@ -821,6 +821,10 @@ void handle_probe_req(struct hostapd_dat
+ 		.elems = &elems,
+ 	};
+ 
++	if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
++	    ssi_signal < hapd->iconf->rssi_ignore_probe_request)
++		return;
++
+ 	if (len < IEEE80211_HDRLEN)
+ 		return;
+ 	ie = ((const u8 *) mgmt) + IEEE80211_HDRLEN;
+diff --git a/package/network/services/hostapd/patches/803-max-sta-limit.patch b/package/network/services/hostapd/patches/803-max-sta-limit.patch
+new file mode 100644
+index 0000000000..4c33d7e772
+--- /dev/null
+++ b/package/network/services/hostapd/patches/803-max-sta-limit.patch
+@@ -0,0 +1,100 @@
+Index: hostapd-2020-06-08-5a8b3662/hostapd/config_file.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/hostapd/config_file.c
++++ hostapd-2020-06-08-5a8b3662/hostapd/config_file.c
+@@ -2909,6 +2909,11 @@ static int hostapd_config_fill(struct ho
+ 				   line);
+ 			return 1;
+ 		}
++	} else if (os_strcmp(buf, "global_max_num_sta") == 0) {
++		conf->global_max_num_sta = atoi(pos);
++		if (conf->global_max_num_sta < 0 ||
++		    conf->global_max_num_sta > MAX_STA_COUNT)
++			conf->global_max_num_sta = MAX_STA_COUNT;
+ 	} else if (os_strcmp(buf, "max_num_sta") == 0) {
+ 		bss->max_num_sta = atoi(pos);
+ 		if (bss->max_num_sta < 0 ||
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ap_config.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ap_config.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/ap_config.c
+@@ -223,6 +223,8 @@ struct hostapd_config * hostapd_config_d
+ 
+ 	conf->num_bss = 1;
+ 
++	conf->global_max_num_sta = 0;
++
+ 	conf->beacon_int = 100;
+ 	conf->rts_threshold = -2; /* use driver default: 2347 */
+ 	conf->fragm_threshold = -2; /* user driver default: 2346 */
+Index: hostapd-2020-06-08-5a8b3662/src/ap/ap_config.h
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/ap_config.h
++++ hostapd-2020-06-08-5a8b3662/src/ap/ap_config.h
+@@ -1067,6 +1067,7 @@ struct hostapd_config {
+ 	char *config_id;
+ 
+ 	u8 notify_mgmt_frames;
++	int global_max_num_sta;
+ };
+ 
+ 
+Index: hostapd-2020-06-08-5a8b3662/src/ap/beacon.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/beacon.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/beacon.c
+@@ -1030,7 +1030,8 @@ void handle_probe_req(struct hostapd_dat
+ 	if (hapd->conf->no_probe_resp_if_max_sta &&
+ 	    is_multicast_ether_addr(mgmt->da) &&
+ 	    is_multicast_ether_addr(mgmt->bssid) &&
+-	    hapd->num_sta >= hapd->conf->max_num_sta &&
++	    hapd_check_max_sta(hapd) &&
++//	    hapd->num_sta >= hapd->conf->max_num_sta &&
+ 	    !ap_get_sta(hapd, mgmt->sa)) {
+ 		wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR
+ 			   " since no room for additional STA",
+Index: hostapd-2020-06-08-5a8b3662/src/ap/sta_info.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/sta_info.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/sta_info.c
+@@ -682,7 +682,8 @@ struct sta_info * ap_sta_add(struct host
+ 		return sta;
+ 
+ 	wpa_printf(MSG_DEBUG, "  New STA");
+-	if (hapd->num_sta >= hapd->conf->max_num_sta) {
++	if (hapd_check_max_sta(hapd)) {
++//	if (hapd->num_sta >= hapd->conf->max_num_sta) {
+ 		/* FIX: might try to remove some old STAs first? */
+ 		wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
+ 			   hapd->num_sta, hapd->conf->max_num_sta);
+Index: hostapd-2020-06-08-5a8b3662/src/ap/hostapd.c
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/hostapd.c
++++ hostapd-2020-06-08-5a8b3662/src/ap/hostapd.c
+@@ -3776,3 +3776,15 @@ void hostapd_ocv_check_csa_sa_query(void
+ 	}
+ }
+ #endif /* CONFIG_OCV */
++
++int hapd_check_max_sta(struct hostapd_data *hapd)
++{
++	int cnt = 0, i;
++
++	if (!hapd->iconf->global_max_num_sta)
++		return hapd->num_sta >= hapd->conf->max_num_sta;
++
++	for (i = 0; i < hapd->iface->num_bss; i++)
++		cnt += hapd->iface->bss[i]->num_sta;
++	return cnt >= hapd->iconf->global_max_num_sta;
++}
+Index: hostapd-2020-06-08-5a8b3662/src/ap/hostapd.h
+===================================================================
+--- hostapd-2020-06-08-5a8b3662.orig/src/ap/hostapd.h
++++ hostapd-2020-06-08-5a8b3662/src/ap/hostapd.h
+@@ -689,4 +689,6 @@ void fst_hostapd_fill_iface_obj(struct h
+ 				struct fst_wpa_obj *iface_obj);
+ #endif /* CONFIG_FST */
+ 
++int hapd_check_max_sta(struct hostapd_data *hapd);
++
+ #endif /* HOSTAPD_H */
+-- 
+2.25.1
+
--- a/profiles/ucentral-ap.yml
+++ b/profiles/ucentral-ap.yml
@@ -21,7 +21,9 @@ packages:
  - radsecproxy
  - ratelimit
  - rtty-openssl
+  - sqm-scripts
  - tcpdump
+  - tip-defaults
  - tmate
  - ucentral-client
  - ucentral-event