hostapd: sync patches

Fixes: WIFI-14118 Signed-off-by: John Crispin <john@phrozen.org>
2025-10-30 01:52:51 +00:00 · 2024-09-10 16:00:57 +02:00
parent c235143c16
commit aedbf9794e
18 changed files with 1463 additions and 280 deletions
--- a/feeds/mediatek-sdk/hostapd/files/hostapd.sh
+++ b/feeds/mediatek-sdk/hostapd/files/hostapd.sh
@@ -47,8 +47,8 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 		;;
 		eap192)
-			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
-			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+			[ "${ieee80211r:-0}" -gt 0 ] || append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP-SHA384"
 		;;
 		eap-eap2)
 			append wpa_key_mgmt "WPA-EAP"
@@ -73,6 +73,11 @@ hostapd_append_wpa_key_mgmt() {
 		owe)
 			append wpa_key_mgmt "OWE"
 		;;
+		psk2-radius)
+			append wpa_key_mgmt "WPA-PSK"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
+			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
+		;;
 	esac

 	[ "$fils" -gt 0 ] && {
@@ -126,9 +131,30 @@ hostapd_common_add_device_config() {

 	config_add_boolean multiple_bssid rnr_beacon he_co_locate ema

+	config_add_boolean afc
+	config_add_string \
+		afc_request_version afc_request_id afc_serial_number \
+		afc_location_type afc_location afc_height afc_height_type
+	config_add_array afc_cert_ids afc_freq_range afc_op_class
+	config_add_int \
+		afc_min_power afc_major_axis afc_minor_axis afc_orientation \
+		afc_vertical_tolerance
+
 	hostapd_add_log_config
 }

+
+hostapd_get_list() {
+	local var="$1"
+	local field="$2"
+
+	local cur __val_list
+	json_get_values __val_list "$field"
+	for cur in $__val_list; do
+		append "$var" "$cur" ","
+	done
+}
+
 hostapd_prepare_device_config() {
 	local config="$1"
 	local driver="$2"
@@ -139,7 +165,7 @@ hostapd_prepare_device_config() {
 		acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density \
 		rts_threshold beacon_rate rssi_reject_assoc_rssi rssi_ignore_probe_request maxassoc \
 		multiple_bssid he_co_locate rnr_beacon ema acs_exclude_dfs \
-		maxassoc_ignore_probe
+		maxassoc_ignore_probe band

 	hostapd_set_log_options base_cfg

@@ -252,6 +278,45 @@ hostapd_prepare_device_config() {
 	[ "$multiple_bssid" -gt 0 ] && append base_cfg "multiple_bssid=$multiple_bssid" "$N"
 	[ "$ema" -gt 0 ] && append base_cfg "ema=$ema" "$N"
 	[ "$acs_exclude_dfs" -gt 0 ] && append base_cfg "acs_exclude_dfs=$acs_exclude_dfs" "$N"
+	if [ "$band" = "6g" ]; then
+		json_get_vars afc he_6ghz_reg_pwr_type
+	else
+		afc=0
+		he_6ghz_reg_pwr_type=
+	fi
+	set_default afc 0
+	[ "$afc" -gt 0 ] && {
+		for v in afc_request_version afc_request_id afc_serial_number afc_min_power afc_height afc_height_type afc_vertical_tolerance \
+				 afc_major_axis afc_minor_axis afc_orientation; do
+			json_get_var val $v
+			append base_cfg "$v=$val" "$N"
+		done
+
+		for v in afc_cert_ids afc_op_class afc_freq_range; do
+			val=
+			hostapd_get_list val $v
+			append base_cfg "$v=$val" "$N"
+		done
+
+		json_get_vars afc_location_type afc_location
+		case "$afc_location_type" in
+			ellipse)
+				append base_cfg "afc_location_type=0" "$N"
+				append base_cfg "afc_linear_polygon=$afc_location" "$N"
+			;;
+			linear_polygon)
+				append base_cfg "afc_location_type=1" "$N"
+				append base_cfg "afc_linear_polygon=$afc_location" "$N"
+			;;
+			radial_polygon)
+				append base_cfg "afc_location_type=2" "$N"
+				append base_cfg "afc_radial_polygon=$afc_location" "$N"
+			;;
+		esac
+
+		he_6ghz_reg_pwr_type=1
+	}
+	[ -n "$he_6ghz_reg_pwr_type" ] && append base_cfg "he_6ghz_reg_pwr_type=$he_6ghz_reg_pwr_type" "$N"

 	json_get_values opts hostapd_options
 	for val in $opts; do
@@ -344,8 +409,8 @@ hostapd_common_add_bss_config() {
 	config_add_string lci civic

 	config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
-	config_add_int r0_key_lifetime reassociation_deadline
-	config_add_string mobility_domain r1_key_holder
+	config_add_int r0_key_lifetime reassociation_deadline ft_l2_refresh
+	config_add_string mobility_domain r1_key_holder ft_key
 	config_add_array r0kh r1kh

 	config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
@@ -439,6 +504,7 @@ hostapd_set_psk() {
 	local ifname="$1"

 	rm -f /var/run/hostapd-${ifname}.psk
+	touch /var/run/hostapd-${ifname}.psk
 	for_each_station hostapd_set_psk_file ${ifname}
 }

@@ -602,7 +668,7 @@ append_radius_server() {
 	set_default dae_port 3799
 	set_default request_cui 0

-	[ "$eap_server" -eq 0 ] && {
+	[ "$eap_server" -eq 0  -a -n "$auth_server" ] && {
 		append bss_conf "auth_server_addr=$auth_server" "$N"
 		append bss_conf "auth_server_port=$auth_port" "$N"
 		append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
@@ -724,8 +790,7 @@ hostapd_set_bss_options() {
 		[ -n "$wpa_strict_rekey" ] && append bss_conf "wpa_strict_rekey=$wpa_strict_rekey" "$N"
 	}

-	set_default nasid "${macaddr//\:}"
-	append bss_conf "nas_identifier=$nasid" "$N"
+	[ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N"

 	[ -n "$acct_server" ] && {
 		append bss_conf "acct_server_addr=$acct_server" "$N"
@@ -772,9 +837,7 @@ hostapd_set_bss_options() {
 			# with WPS enabled, we got to be in unconfigured state.
 			wps_not_configured=1
 			vlan_possible=1
-			[ "$macfilter" = radius ] && {
-				append_radius_server
-			}
+			append_radius_server
 		;;
 		psk|sae|psk-sae)
 			json_get_vars key wpa_psk_file
@@ -793,6 +856,7 @@ hostapd_set_bss_options() {
 			}
 			[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"

+			append_radius_server
 			set_default dynamic_vlan 0
 			vlan_possible=1
 			wps_possible=1
@@ -925,10 +989,11 @@ hostapd_set_bss_options() {
 		set_default ieee80211r 0

 		if [ "$ieee80211r" -gt "0" ]; then
-			json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline
+			json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline ft_l2_refresh

 			set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)"
 			set_default ft_over_ds 1
+			set_default ft_l2_refresh 30
 			set_default reassociation_deadline 1000
 			skip_kh_setup=0

@@ -951,9 +1016,10 @@ hostapd_set_bss_options() {
 			append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
 			append bss_conf "ft_over_ds=$ft_over_ds" "$N"
 			append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
+			[ -n "$ft_l2_refresh" ] && append bss_conf "ft_l2_refresh=$ft_l2_refresh" "$N"

 			if [ "$skip_kh_setup" -eq "0" ]; then
-				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
+				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push ft_key
 				json_get_values r0kh r0kh
 				json_get_values r1kh r1kh

@@ -961,12 +1027,15 @@ hostapd_set_bss_options() {
 				set_default pmk_r1_push 0

 				[ -n "$r0kh" -a -n "$r1kh" ] || {
-					key=`echo -n "$mobility_domain/$auth_secret" | md5sum | awk '{print $1}'`
+					[ -z "$ft_key" ] && {
+						key=`echo -n "$mobility_domain/$auth_secret" | md5sum | awk '{print $1}'`

-					set_default r0kh "ff:ff:ff:ff:ff:ff,*,$key"
-					set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key"
+						set_default r0kh "ff:ff:ff:ff:ff:ff,*,$key"
+						set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key"
+					}
 				}

+				[ -n "$ft_key" ] && append bss_conf "ft_key=$ft_key" "$N"
 				[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
 				append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
 				append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
--- a/feeds/mediatek-sdk/hostapd/patches/600-ubus_support.patch
+++ b/feeds/mediatek-sdk/hostapd/patches/600-ubus_support.patch
@@ -292,7 +292,7 @@
 
 -		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
 -			buf, ip_addr, keyid_buf, dpp_pkhash_buf);
-+		hostapd_ubus_notify_authorized(hapd, sta, auth_alg);
+		hostapd_ubus_notify_authorized(hapd, sta);
 +		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s%s",
 +			buf, ip_addr, keyid_buf, dpp_pkhash_buf, alg_buf);
 
@@ -458,16 +458,6 @@
 }
 
 
-@@ -352,6 +355,9 @@ void hostapd_handle_radio_measurement(st
- 		   mgmt->u.action.u.rrm.action, MAC2STR(mgmt->sa));
- 
- 	switch (mgmt->u.action.u.rrm.action) {
-+	case WLAN_RRM_LINK_MEASUREMENT_REPORT:
-+		hostapd_ubus_handle_link_measurement(hapd, buf, len);
-+		break;
- 	case WLAN_RRM_RADIO_MEASUREMENT_REPORT:
- 		hostapd_handle_radio_msmt_report(hapd, buf, len);
- 		break;
 --- a/src/ap/vlan_init.c
 +++ b/src/ap/vlan_init.c
@@ -22,6 +22,7 @@
--- a/feeds/mediatek-sdk/hostapd/patches/601-ucode_support.patch
+++ b/feeds/mediatek-sdk/hostapd/patches/601-ucode_support.patch
@@ -88,6 +88,14 @@
 void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
 			   int reassoc);
 void hostapd_interface_deinit_free(struct hostapd_iface *iface);
+@@ -732,6 +741,7 @@ hostapd_switch_channel_fallback(struct h
+ void hostapd_cleanup_cs_params(struct hostapd_data *hapd);
+ void hostapd_periodic_iface(struct hostapd_iface *iface);
+ int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
+void hostapd_owe_update_trans(struct hostapd_iface *iface);
+ void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
+ 
+ void hostapd_switch_color(struct hostapd_data *hapd, u64 bitmap);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
@@ -252,6 +252,8 @@ int hostapd_reload_config(struct hostapd
@@ -107,6 +115,15 @@
 	hostapd_ubus_free_bss(hapd);
 	accounting_deinit(hapd);
 	hostapd_deinit_wpa(hapd);
+@@ -538,7 +541,7 @@ void hostapd_free_hapd_data(struct hosta
+  * Most of the modules that are initialized in hostapd_setup_bss() are
+  * deinitialized here.
+  */
+-static void hostapd_cleanup(struct hostapd_data *hapd)
+void hostapd_cleanup(struct hostapd_data *hapd)
+ {
+ 	wpa_printf(MSG_DEBUG, "%s(hapd=%p (%s))", __func__, hapd,
+ 		   hapd->conf ? hapd->conf->iface : "N/A");
@@ -600,6 +603,7 @@ void hostapd_cleanup_iface_partial(struc
 static void hostapd_cleanup_iface(struct hostapd_iface *iface)
 {
@@ -123,17 +140,25 @@
 
 	return 0;
 }
-@@ -1211,8 +1216,7 @@ static int hostapd_start_beacon(struct h
+@@ -1211,7 +1216,7 @@ static int hostapd_start_beacon(struct h
  * initialized. Most of the modules that are initialized here will be
  * deinitialized in hostapd_cleanup().
  */
 -static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
-			     bool start_beacon)
-+int hostapd_setup_bss(struct hostapd_data *hapd, int first, bool start_beacon)
+int hostapd_setup_bss(struct hostapd_data *hapd, int first,
+ 			     bool start_beacon)
 {
 	struct hostapd_bss_config *conf = hapd->conf;
- 	u8 ssid[SSID_MAX_LEN + 1];
-@@ -2698,7 +2702,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -2237,7 +2242,7 @@ static int hostapd_owe_iface_iter2(struc
+ #endif /* CONFIG_OWE */
+ 
+ 
+-static void hostapd_owe_update_trans(struct hostapd_iface *iface)
+void hostapd_owe_update_trans(struct hostapd_iface *iface)
+ {
+ #ifdef CONFIG_OWE
+ 	/* Check whether the enabled BSS can complete OWE transition mode
+@@ -2698,7 +2703,7 @@ hostapd_alloc_bss_data(struct hostapd_if
 }
 
 
@@ -142,7 +167,7 @@
 {
 	if (!hapd)
 		return;
-@@ -3491,7 +3495,8 @@ int hostapd_remove_iface(struct hapd_int
+@@ -3491,7 +3496,8 @@ int hostapd_remove_iface(struct hapd_int
 		hapd_iface = interfaces->iface[i];
 		if (hapd_iface == NULL)
 			return -1;
@@ -353,7 +378,7 @@
 				     tb[NL80211_ATTR_CENTER_FREQ1],
 				     tb[NL80211_ATTR_CENTER_FREQ2],
 				     tb[NL80211_ATTR_PUNCT_BITMAP],
-+				     NULL,
+					 NULL,
 				     1);
 		break;
 	case NL80211_CMD_DISCONNECT:
@@ -551,3 +576,148 @@
 	.send_mlme = driver_nl80211_send_mlme,
 	.get_hw_feature_data = nl80211_get_hw_feature_data,
 	.sta_add = wpa_driver_nl80211_sta_add,
+--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
+@@ -547,11 +547,16 @@ static const char * sae_get_password(str
+ 				     struct sae_pt **s_pt,
+ 				     const struct sae_pk **s_pk)
+ {
+	struct hostapd_bss_config *conf = hapd->conf;
+	struct hostapd_ssid *ssid = &conf->ssid;
+	struct hostapd_sta_wpa_psk_short *psk;
+ 	const char *password = NULL;
+-	struct sae_password_entry *pw;
+-	struct sae_pt *pt = NULL;
+-	const struct sae_pk *pk = NULL;
+-	struct hostapd_sta_wpa_psk_short *psk = NULL;
+	struct sae_password_entry *pw = NULL;
+ 	struct sae_pt *pt = NULL;
+ 	const struct sae_pk *pk = NULL;
+ 
+	if (sta && sta->use_sta_psk)
+		goto use_sta_psk;
+ 
+ 	for (pw = hapd->conf->sae_passwords; pw; pw = pw->next) {
+ 		if (!is_broadcast_ether_addr(pw->peer_addr) &&
+@@ -582,6 +587,31 @@ static const char * sae_get_password(str
+ 		}
+ 	}
+ 
+use_sta_psk:
+	if (!password && sta) {
+		for (psk = sta->psk; psk; psk = psk->next) {
+			if (!psk->is_passphrase)
+				continue;
+
+			password = psk->passphrase;
+			if (!sta->use_sta_psk)
+				break;
+
+			if (sta->sae_pt) {
+				pt = sta->sae_pt;
+				break;
+			}
+
+			pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
+					   ssid->ssid_len,
+					   (const u8 *) password,
+					   os_strlen(password),
+					   NULL);
+			sta->sae_pt = pt;
+			break;
+		}
+	}
+
+ 	if (pw_entry)
+ 		*pw_entry = pw;
+ 	if (s_pt)
+@@ -3105,6 +3135,12 @@ static void handle_auth(struct hostapd_d
+ 		goto fail;
+ 	}
+ 
+	res = hostapd_ucode_sta_auth(hapd, sta);
+	if (res) {
+		resp = res;
+		goto fail;
+	}
+
+ 	sta->flags &= ~WLAN_STA_PREAUTH;
+ 	ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
+ 
+--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
+@@ -425,6 +425,9 @@ void ap_free_sta(struct hostapd_data *ha
+ 	forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
+ #endif /* CONFIG_TESTING_OPTIONS */
+ 
+	if (sta->sae_pt)
+		sae_deinit_pt(sta->sae_pt);
+
+ 	os_free(sta);
+ }
+ 
+@@ -1326,6 +1329,8 @@ void ap_sta_set_authorized(struct hostap
+ 		sta->flags &= ~WLAN_STA_AUTHORIZED;
+ 	}
+ 
+	if (authorized)
+		hostapd_ucode_sta_connected(hapd, sta);
+ #ifdef CONFIG_P2P
+ 	if (hapd->p2p_group == NULL) {
+ 		if (sta->p2p_ie != NULL &&
+--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
+@@ -198,6 +198,9 @@ struct sta_info {
+ 	int vlan_id_bound; /* updated by ap_sta_bind_vlan() */
+ 	 /* PSKs from RADIUS authentication server */
+ 	struct hostapd_sta_wpa_psk_short *psk;
+	struct sae_pt *sae_pt;
+	int use_sta_psk;
+	int psk_idx;
+ 
+ 	char *identity; /* User-Name from RADIUS */
+ 	char *radius_cui; /* Chargeable-User-Identity from RADIUS */
+--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
+@@ -341,6 +341,7 @@ static const u8 * hostapd_wpa_auth_get_p
+ 	struct sta_info *sta = ap_get_sta(hapd, addr);
+ 	const u8 *psk;
+ 
+	sta->psk_idx = 0;
+ 	if (vlan_id)
+ 		*vlan_id = 0;
+ 	if (psk_len)
+@@ -387,13 +388,18 @@ static const u8 * hostapd_wpa_auth_get_p
+ 	 * returned psk which should not be returned again.
+ 	 * logic list (all hostapd_get_psk; all sta->psk)
+ 	 */
+	if (sta && sta->use_sta_psk)
+		psk = NULL;
+ 	if (sta && sta->psk && !psk) {
+ 		struct hostapd_sta_wpa_psk_short *pos;
+		int psk_idx;
+ 
+ 		if (vlan_id)
+ 			*vlan_id = 0;
+ 		psk = sta->psk->psk;
+		sta->psk_idx = psk_idx = 1;
+ 		for (pos = sta->psk; pos; pos = pos->next) {
+			psk_idx++;
+ 			if (pos->is_passphrase) {
+ 				if (pbkdf2_sha1(pos->passphrase,
+ 						hapd->conf->ssid.ssid,
+@@ -406,10 +412,14 @@ static const u8 * hostapd_wpa_auth_get_p
+ 				pos->is_passphrase = 0;
+ 			}
+ 			if (pos->psk == prev_psk) {
+				sta->psk_idx = psk_idx;
+ 				psk = pos->next ? pos->next->psk : NULL;
+ 				break;
+ 			}
+ 		}
+
+		if (!psk)
+			sta->psk_idx = 0;
+ 	}
+ 	return psk;
+ }
--- a/feeds/mediatek-sdk/hostapd/patches/751-wispr-ft.patch
+++ b/feeds/mediatek-sdk/hostapd/patches/751-wispr-ft.patch
@@ -0,0 +1,539 @@
+--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
+@@ -16,7 +16,11 @@
+ 
+ struct vlan_description;
+ struct mld_info;
+-
+struct rate_description {
+	u32 rx;
+	u32 tx;
+};
+ 
+ #define MAX_OWN_IE_OVERRIDE 256
+ 
+ #ifdef _MSC_VER
+@@ -88,6 +92,7 @@ struct ft_rrb_frame {
+ #define FT_RRB_IDENTITY      15
+ #define FT_RRB_RADIUS_CUI    16
+ #define FT_RRB_SESSION_TIMEOUT  17 /* le32 seconds */
+#define FT_RRB_RATE_LIMIT	18
+ 
+ struct ft_rrb_tlv {
+ 	le16 type;
+@@ -368,6 +373,10 @@ struct wpa_auth_callbacks {
+ 			struct vlan_description *vlan);
+ 	int (*get_vlan)(void *ctx, const u8 *sta_addr,
+ 			struct vlan_description *vlan);
+	int (*set_rate_limit)(void *ctx, const u8 *sta_addr,
+			      struct rate_description *rate);
+	int (*get_rate_limit)(void *ctx, const u8 *sta_addr,
+			      struct rate_description *rate);
+ 	int (*set_identity)(void *ctx, const u8 *sta_addr,
+ 			    const u8 *identity, size_t identity_len);
+ 	size_t (*get_identity)(void *ctx, const u8 *sta_addr, const u8 **buf);
+@@ -536,7 +545,7 @@ int wpa_ft_fetch_pmk_r1(struct wpa_authe
+ 			struct vlan_description *vlan,
+ 			const u8 **identity, size_t *identity_len,
+ 			const u8 **radius_cui, size_t *radius_cui_len,
+-			int *session_timeout);
+			int *session_timeout, struct rate_description *rate);
+ 
+ #endif /* CONFIG_IEEE80211R_AP */
+ 
+--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
+@@ -1200,6 +1200,40 @@ static int hostapd_wpa_auth_get_vlan(voi
+ }
+ 
+ 
+static int hostapd_wpa_auth_set_rate_limit(void *ctx, const u8 *sta_addr,
+					   struct rate_description *rate)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta;
+
+	sta = ap_get_sta(hapd, sta_addr);
+	if (!sta || !sta->wpa_sm)
+		return -1;
+
+	memcpy(sta->bandwidth, rate, sizeof(*rate));
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_INFO, "rate-limit %d %d", sta->bandwidth[0], sta->bandwidth[1]);
+
+	return 0;
+}
+
+
+static int hostapd_wpa_auth_get_rate_limit(void *ctx, const u8 *sta_addr,
+					   struct rate_description *rate)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta;
+
+	sta = ap_get_sta(hapd, sta_addr);
+	if (!sta)
+		return -1;
+
+	memcpy(rate, sta->bandwidth, sizeof(*rate));
+
+	return 0;
+}
+
+
+ static int
+ hostapd_wpa_auth_set_identity(void *ctx, const u8 *sta_addr,
+ 			      const u8 *identity, size_t identity_len)
+@@ -1640,6 +1674,8 @@ int hostapd_setup_wpa(struct hostapd_dat
+ 		.add_tspec = hostapd_wpa_auth_add_tspec,
+ 		.set_vlan = hostapd_wpa_auth_set_vlan,
+ 		.get_vlan = hostapd_wpa_auth_get_vlan,
+		.set_rate_limit = hostapd_wpa_auth_set_rate_limit,
+		.get_rate_limit = hostapd_wpa_auth_get_rate_limit,
+ 		.set_identity = hostapd_wpa_auth_set_identity,
+ 		.get_identity = hostapd_wpa_auth_get_identity,
+ 		.set_radius_cui = hostapd_wpa_auth_set_radius_cui,
+--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
+@@ -379,6 +379,14 @@ static size_t wpa_ft_vlan_len(const stru
+ 	return tlv_len;
+ }
+ 
+static size_t wpa_ft_rate_limit_len(const struct rate_description *rate)
+{
+	if (!rate || (!rate->rx && !rate->tx))
+		return 0;
+
+	return (sizeof(struct ft_rrb_tlv) + 8);
+}
+
+ 
+ static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan,
+ 			      u8 *start, u8 *endpos)
+@@ -434,10 +442,48 @@ static size_t wpa_ft_vlan_lin(const stru
+ }
+ 
+ 
+static size_t wpa_ft_rate_limit_lin(const struct rate_description *rate,
+				    u8 *start, u8 *endpos)
+{
+	size_t tlv_len;
+	int i, len;
+	struct ft_rrb_tlv *hdr;
+	u8 *pos = start;
+
+	if (!rate)
+		return 0;
+
+	tlv_len = 0;
+	if (rate->rx || rate->tx) {
+		tlv_len += sizeof(*hdr);
+		if (start + tlv_len > endpos)
+			return tlv_len;
+		hdr = (struct ft_rrb_tlv *) pos;
+		hdr->type = host_to_le16(FT_RRB_RATE_LIMIT);
+		hdr->len = host_to_le16(2 * sizeof(le32));
+		pos = start + tlv_len;
+
+		tlv_len += sizeof(u32);
+		if (start + tlv_len > endpos)
+			return tlv_len;
+		WPA_PUT_LE32(pos, rate->rx);
+		pos = start + tlv_len;
+		tlv_len += sizeof(u32);
+		if (start + tlv_len > endpos)
+			return tlv_len;
+		WPA_PUT_LE32(pos, rate->tx);
+		pos = start + tlv_len;
+	}
+
+	return tlv_len;
+}
+
+
+ static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1,
+ 			  const struct tlv_list *tlvs2,
+ 			  const struct vlan_description *vlan,
+-			  u8 **plain, size_t *plain_len)
+			  u8 **plain, size_t *plain_len,
+			  const struct rate_description *rate)
+ {
+ 	u8 *pos, *endpos;
+ 	size_t tlv_len;
+@@ -445,6 +491,7 @@ static int wpa_ft_rrb_lin(const struct t
+ 	tlv_len = wpa_ft_tlv_len(tlvs1);
+ 	tlv_len += wpa_ft_tlv_len(tlvs2);
+ 	tlv_len += wpa_ft_vlan_len(vlan);
+	tlv_len += wpa_ft_rate_limit_len(rate);
+ 
+ 	*plain_len = tlv_len;
+ 	*plain = os_zalloc(tlv_len);
+@@ -458,6 +505,7 @@ static int wpa_ft_rrb_lin(const struct t
+ 	pos += wpa_ft_tlv_lin(tlvs1, pos, endpos);
+ 	pos += wpa_ft_tlv_lin(tlvs2, pos, endpos);
+ 	pos += wpa_ft_vlan_lin(vlan, pos, endpos);
+	pos += wpa_ft_rate_limit_lin(rate, pos, endpos);
+ 
+ 	/* validity check */
+ 	if (pos != endpos) {
+@@ -526,7 +574,8 @@ static int wpa_ft_rrb_build(const u8 *ke
+ 			    const struct tlv_list *tlvs_auth,
+ 			    const struct vlan_description *vlan,
+ 			    const u8 *src_addr, u8 type,
+-			    u8 **packet, size_t *packet_len)
+			    u8 **packet, size_t *packet_len,
+			    const struct rate_description *rate)
+ {
+ 	u8 *plain = NULL, *auth = NULL, *pos, *tmp;
+ 	size_t plain_len = 0, auth_len = 0;
+@@ -534,10 +583,10 @@ static int wpa_ft_rrb_build(const u8 *ke
+ 	size_t pad_len = 0;
+ 
+ 	*packet = NULL;
+-	if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0)
+	if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len, rate) < 0)
+ 		goto out;
+ 
+-	if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0)
+	if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len, NULL) < 0)
+ 		goto out;
+ 
+ 	*packet_len = sizeof(u16) + auth_len + plain_len;
+@@ -700,6 +749,24 @@ static int wpa_ft_get_vlan(struct wpa_au
+ }
+ 
+ 
+static int wpa_ft_get_rate_limit(struct wpa_authenticator *wpa_auth,
+				 const u8 *sta_addr, struct rate_description *rate)
+{
+	if (!wpa_auth->cb->get_rate_limit)
+		return -1;
+	return wpa_auth->cb->get_rate_limit(wpa_auth->cb_ctx, sta_addr, rate);
+}
+
+
+static int wpa_ft_set_rate_limit(struct wpa_authenticator *wpa_auth,
+				 const u8 *sta_addr, struct rate_description *rate)
+{
+	if (!wpa_auth->cb->set_rate_limit)
+		return -1;
+	return wpa_auth->cb->set_rate_limit(wpa_auth->cb_ctx, sta_addr, rate);
+}
+
+
+ static int
+ wpa_ft_set_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
+ 		    const u8 *identity, size_t identity_len)
+@@ -1025,7 +1092,7 @@ wpa_ft_rrb_seq_req(struct wpa_authentica
+ 
+ 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL,
+ 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
+-			     &packet, &packet_len) < 0) {
+			     &packet, &packet_len, NULL) < 0) {
+ 		item = NULL; /* some other seq resp might still accept this */
+ 		goto err;
+ 	}
+@@ -1208,6 +1275,7 @@ struct wpa_ft_pmk_r0_sa {
+ 	u8 spa[ETH_ALEN];
+ 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
+ 	struct vlan_description *vlan;
+	struct rate_description *rate;
+ 	os_time_t expiration; /* 0 for no expiration */
+ 	u8 *identity;
+ 	size_t identity_len;
+@@ -1226,6 +1294,7 @@ struct wpa_ft_pmk_r1_sa {
+ 	u8 spa[ETH_ALEN];
+ 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
+ 	struct vlan_description *vlan;
+	struct rate_description *rate;
+ 	u8 *identity;
+ 	size_t identity_len;
+ 	u8 *radius_cui;
+@@ -1254,6 +1323,7 @@ static void wpa_ft_free_pmk_r0(struct wp
+ 
+ 	os_memset(r0->pmk_r0, 0, PMK_LEN_MAX);
+ 	os_free(r0->vlan);
+	os_free(r0->rate);
+ 	os_free(r0->identity);
+ 	os_free(r0->radius_cui);
+ 	os_free(r0);
+@@ -1307,6 +1377,7 @@ static void wpa_ft_free_pmk_r1(struct wp
+ 	eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL);
+ 
+ 	os_memset(r1->pmk_r1, 0, PMK_LEN_MAX);
+	os_free(r1->rate);
+ 	os_free(r1->vlan);
+ 	os_free(r1->identity);
+ 	os_free(r1->radius_cui);
+@@ -1360,7 +1431,8 @@ static int wpa_ft_store_pmk_r0(struct wp
+ 			       const struct vlan_description *vlan,
+ 			       int expires_in, int session_timeout,
+ 			       const u8 *identity, size_t identity_len,
+-			       const u8 *radius_cui, size_t radius_cui_len)
+			       const u8 *radius_cui, size_t radius_cui_len,
+			       struct rate_description *rate)
+ {
+ 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
+ 	struct wpa_ft_pmk_r0_sa *r0;
+@@ -1388,6 +1460,14 @@ static int wpa_ft_store_pmk_r0(struct wp
+ 		}
+ 		*r0->vlan = *vlan;
+ 	}
+	if (rate) {
+		r0->rate = os_zalloc(sizeof(*rate));
+		if (!r0->rate) {
+			bin_clear_free(r0, sizeof(*r0));
+			return -1;
+		}
+		*r0->rate = *rate;
+	}
+ 	if (identity) {
+ 		r0->identity = os_malloc(identity_len);
+ 		if (r0->identity) {
+@@ -1447,7 +1527,8 @@ static int wpa_ft_store_pmk_r1(struct wp
+ 			       const struct vlan_description *vlan,
+ 			       int expires_in, int session_timeout,
+ 			       const u8 *identity, size_t identity_len,
+-			       const u8 *radius_cui, size_t radius_cui_len)
+			       const u8 *radius_cui, size_t radius_cui_len,
+			       struct rate_description *rate)
+ {
+ 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
+ 	int max_expires_in = wpa_auth->conf.r1_max_key_lifetime;
+@@ -1477,6 +1558,14 @@ static int wpa_ft_store_pmk_r1(struct wp
+ 		}
+ 		*r1->vlan = *vlan;
+ 	}
+	if (rate) {
+		r1->rate = os_zalloc(sizeof(*rate));
+		if (!r1->rate) {
+			bin_clear_free(r1, sizeof(*r1));
+			return -1;
+		}
+		*r1->rate = *rate;
+	}
+ 	if (identity) {
+ 		r1->identity = os_malloc(identity_len);
+ 		if (r1->identity) {
+@@ -1513,7 +1602,7 @@ int wpa_ft_fetch_pmk_r1(struct wpa_authe
+ 			struct vlan_description *vlan,
+ 			const u8 **identity, size_t *identity_len,
+ 			const u8 **radius_cui, size_t *radius_cui_len,
+-			int *session_timeout)
+			int *session_timeout, struct rate_description *rate)
+ {
+ 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
+ 	struct wpa_ft_pmk_r1_sa *r1;
+@@ -1533,6 +1622,12 @@ int wpa_ft_fetch_pmk_r1(struct wpa_authe
+ 				*vlan = *r1->vlan;
+ 			if (vlan && !r1->vlan)
+ 				os_memset(vlan, 0, sizeof(*vlan));
+			if (rate) {
+				if (r1->rate)
+					*rate = *r1->rate;
+				else
+					memset(rate, 0, sizeof(*rate));
+			}
+ 			if (identity && identity_len) {
+ 				*identity = r1->identity;
+ 				*identity_len = r1->identity_len;
+@@ -2059,7 +2154,7 @@ static int wpa_ft_pull_pmk_r1(struct wpa
+ 
+ 	if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL,
+ 			     sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL,
+-			     &packet, &packet_len) < 0)
+			     &packet, &packet_len, NULL) < 0)
+ 		return -1;
+ 
+ 	ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len);
+@@ -2088,6 +2183,7 @@ int wpa_ft_store_pmk_fils(struct wpa_sta
+ {
+ 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
+ 	struct vlan_description vlan;
+	struct rate_description rate;
+ 	const u8 *identity, *radius_cui;
+ 	size_t identity_len, radius_cui_len;
+ 	int session_timeout;
+@@ -2099,6 +2195,7 @@ int wpa_ft_store_pmk_fils(struct wpa_sta
+ 			   MAC2STR(sm->addr));
+ 		return -1;
+ 	}
+	wpa_ft_get_rate_limit(sm->wpa_auth, sm->addr, &rate);
+ 
+ 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
+ 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
+@@ -2108,7 +2205,7 @@ int wpa_ft_store_pmk_fils(struct wpa_sta
+ 	return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
+ 				   pmk_r0_name, sm->pairwise, &vlan, expires_in,
+ 				   session_timeout, identity, identity_len,
+-				   radius_cui, radius_cui_len);
+				   radius_cui, radius_cui_len, &rate);
+ }
+ 
+ 
+@@ -2172,6 +2269,7 @@ void wpa_auth_ft_store_keys(struct wpa_s
+ 	int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
+ 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
+ 	struct vlan_description vlan;
+	struct rate_description rate;
+ 	const u8 *identity, *radius_cui;
+ 	size_t identity_len, radius_cui_len;
+ 	int session_timeout;
+@@ -2185,6 +2283,8 @@ void wpa_auth_ft_store_keys(struct wpa_s
+ 		return;
+ 	}
+ 
+	wpa_ft_get_rate_limit(sm->wpa_auth, sm->addr, &rate);
+
+ 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
+ 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
+ 					       &radius_cui);
+@@ -2195,11 +2295,12 @@ void wpa_auth_ft_store_keys(struct wpa_s
+ 			    pmk_r0_name,
+ 			    sm->pairwise, &vlan, expires_in,
+ 			    session_timeout, identity, identity_len,
+-			    radius_cui, radius_cui_len);
+			    radius_cui, radius_cui_len, &rate);
+ 	wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, key_len,
+ 			    sm->pmk_r1_name, sm->pairwise, &vlan,
+ 			    expires_in, session_timeout, identity,
+-			    identity_len, radius_cui, radius_cui_len);
+			    identity_len, radius_cui, radius_cui_len,
+			    &rate);
+ }
+ 
+ 
+@@ -3100,7 +3201,8 @@ static int wpa_ft_local_derive_pmk_r1(st
+ 				      const u8 **radius_cui,
+ 				      size_t *radius_cui_len,
+ 				      int *out_session_timeout,
+-				      size_t *pmk_r1_len)
+				      size_t *pmk_r1_len,
+				      struct rate_description *rate)
+ {
+ 	struct wpa_auth_config *conf = &wpa_auth->conf;
+ 	const struct wpa_ft_pmk_r0_sa *r0;
+@@ -3136,7 +3238,8 @@ static int wpa_ft_local_derive_pmk_r1(st
+ 			    out_pmk_r1_name,
+ 			    sm->pairwise, r0->vlan, expires_in, session_timeout,
+ 			    r0->identity, r0->identity_len,
+-			    r0->radius_cui, r0->radius_cui_len);
+			    r0->radius_cui, r0->radius_cui_len,
+			    r0->rate);
+ 
+ 	*out_pairwise = sm->pairwise;
+ 	if (vlan) {
+@@ -3146,6 +3249,13 @@ static int wpa_ft_local_derive_pmk_r1(st
+ 			os_memset(vlan, 0, sizeof(*vlan));
+ 	}
+ 
+	if (rate) {
+		if (r0->rate)
+			*rate = *r0->rate;
+		else
+			os_memset(rate, 0, sizeof(*rate));
+	}
+
+ 	if (identity && identity_len) {
+ 		*identity = r0->identity;
+ 		*identity_len = r0->identity_len;
+@@ -3178,6 +3288,7 @@ static int wpa_ft_process_auth_req(struc
+ 	u8 *pos, *end;
+ 	int pairwise, session_timeout = 0;
+ 	struct vlan_description vlan;
+	struct rate_description rate = {};
+ 	const u8 *identity, *radius_cui;
+ 	size_t identity_len = 0, radius_cui_len = 0;
+ 	size_t pmk_r1_len, kdk_len, len;
+@@ -3274,7 +3385,7 @@ static int wpa_ft_process_auth_req(struc
+ 					pmk_r1, &pmk_r1_len, &pairwise, &vlan,
+ 					&identity, &identity_len, &radius_cui,
+ 					&radius_cui_len,
+-					&session_timeout) == 0) {
+					&session_timeout, &rate) == 0) {
+ 			wpa_printf(MSG_DEBUG,
+ 				   "FT: Found PMKR1Name (using SHA%zu) from local cache",
+ 				   pmk_r1_len * 8);
+@@ -3290,7 +3401,7 @@ static int wpa_ft_process_auth_req(struc
+ 				       pmk_r1_name, pmk_r1, &pairwise,
+ 				       &vlan, &identity, &identity_len,
+ 				       &radius_cui, &radius_cui_len,
+-				       &session_timeout, &pmk_r1_len) == 0) {
+				       &session_timeout, &pmk_r1_len, &rate) == 0) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "FT: Generated PMK-R1 based on local PMK-R0");
+ 		goto pmk_r1_derived;
+@@ -3392,6 +3503,7 @@ pmk_r1_derived:
+ 		wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
+ 		goto out;
+ 	}
+	wpa_ft_set_rate_limit(sm->wpa_auth, sm->addr, &rate);
+ 	if (wpa_ft_set_identity(sm->wpa_auth, sm->addr,
+ 				identity, identity_len) < 0 ||
+ 	    wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr,
+@@ -3973,7 +4085,7 @@ static int wpa_ft_rrb_build_r0(const u8
+ 
+ 	ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth,
+ 			       pmk_r0->vlan, src_addr, type,
+-			       packet, packet_len);
+			       packet, packet_len, pmk_r0->rate);
+ 
+ 	forced_memzero(pmk_r1, sizeof(pmk_r1));
+ 
+@@ -4113,7 +4225,7 @@ static int wpa_ft_rrb_rx_pull(struct wpa
+ 		ret = wpa_ft_rrb_build(key, key_len, resp, NULL, resp_auth,
+ 				       NULL, wpa_auth->addr,
+ 				       FT_PACKET_R0KH_R1KH_RESP,
+-				       &packet, &packet_len);
+				       &packet, &packet_len, NULL);
+ 	} else {
+ 		ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id,
+ 					  f_s1kh_id, resp_auth, wpa_auth->addr,
+@@ -4165,11 +4277,15 @@ static int wpa_ft_rrb_rx_r1(struct wpa_a
+ 	size_t f_expires_in_len;
+ 	size_t f_identity_len, f_radius_cui_len;
+ 	size_t f_session_timeout_len;
+	size_t f_rate_len;
+	const u8 *f_rate;
+ 	int pairwise;
+ 	int ret = -1;
+ 	int expires_in;
+ 	int session_timeout;
+ 	struct vlan_description vlan;
+	struct rate_description rate;
+	int has_rate = 0;
+ 	size_t pmk_r1_len;
+ 
+ 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
+@@ -4279,6 +4395,13 @@ static int wpa_ft_rrb_rx_r1(struct wpa_a
+ 	wpa_printf(MSG_DEBUG, "FT: vlan %d%s",
+ 		   le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : "");
+ 
+	RRB_GET_OPTIONAL(FT_RRB_RATE_LIMIT, rate, msgtype, 2 * sizeof(le32));
+	if (f_rate) {
+		memcpy(&rate, f_rate, sizeof(rate));
+		rate.rx = le_to_host32(rate.rx);
+		rate.tx = le_to_host32(rate.tx);
+		has_rate = 1;
+	};
+ 	RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1);
+ 	if (f_identity)
+ 		wpa_hexdump_ascii(MSG_DEBUG, "FT: Identity", f_identity,
+@@ -4301,7 +4424,7 @@ static int wpa_ft_rrb_rx_r1(struct wpa_a
+ 				f_pmk_r1_name,
+ 				pairwise, &vlan, expires_in, session_timeout,
+ 				f_identity, f_identity_len, f_radius_cui,
+-				f_radius_cui_len) < 0)
+				f_radius_cui_len, has_rate ? &rate : 0) < 0)
+ 		goto out;
+ 
+ 	ret = 0;
+@@ -4614,7 +4737,7 @@ static int wpa_ft_rrb_rx_seq_req(struct
+ 
+ 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL,
+ 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
+-			     &packet, &packet_len) < 0)
+			     &packet, &packet_len, NULL) < 0)
+ 		goto out;
+ 
+ 	wpa_ft_rrb_oui_send(wpa_auth, src_addr,
--- a/feeds/mediatek-sdk/hostapd/patches/999-ft-anonce.patch
+++ b/feeds/mediatek-sdk/hostapd/patches/999-ft-anonce.patch
@@ -0,0 +1,10 @@
+--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
+@@ -54,6 +54,7 @@ struct wpa_state_machine {
+ 	bool MICVerified;
+ 	bool GUpdateStationKeys;
+ 	u8 ANonce[WPA_NONCE_LEN];
+	struct os_reltime ANonce_time;
+ 	u8 SNonce[WPA_NONCE_LEN];
+ 	u8 alt_SNonce[WPA_NONCE_LEN];
+ 	u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN];
--- a/feeds/mediatek-sdk/hostapd/patches/999-re-assoc-event.patch
+++ b/feeds/mediatek-sdk/hostapd/patches/999-re-assoc-event.patch
@@ -0,0 +1,147 @@
+--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
+@@ -522,6 +522,7 @@ static void handle_auth_ft_finish(void *
+ 
+ 	hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
+ 		       HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
+	hostapd_ubus_notify(hapd, "ft-finish", sta->addr);
+ 	sta->flags |= WLAN_STA_AUTH;
+ 	mlme_authenticate_indication(hapd, sta);
+ }
+@@ -5273,6 +5274,8 @@ static void handle_assoc(struct hostapd_
+ 	}
+ 
+ 	sta = ap_get_sta(hapd, mgmt->sa);
+	if (sta && reassoc)
+		memcpy(sta->origin_ap, mgmt->u.reassoc_req.current_ap, 6);
+ #ifdef CONFIG_IEEE80211R_AP
+ 	if (sta && sta->auth_alg == WLAN_AUTH_FT &&
+ 	    (sta->flags & WLAN_STA_AUTH) == 0) {
+@@ -5426,6 +5429,7 @@ static void handle_assoc(struct hostapd_
+ 		.type = HOSTAPD_UBUS_ASSOC_REQ,
+ 		.mgmt_frame = mgmt,
+ 		.ssi_signal = rssi,
+		.reassoc = reassoc,
+ 	};
+ 
+ 	/* followed by SSID and Supported rates; and HT capabilities if 802.11n
+@@ -6496,7 +6500,7 @@ static void handle_assoc_cb(struct hosta
+ 		 * Open, static WEP, FT protocol, or FILS; no separate
+ 		 * authorization step.
+ 		 */
+-		ap_sta_set_authorized(hapd, sta, 1);
+		_ap_sta_set_authorized(hapd, sta, 1, reassoc);
+ 	}
+ 
+ 	if (reassoc)
+--- a/src/ap/ubus.c
+++ b/src/ap/ubus.c
+@@ -1870,6 +1870,8 @@ int hostapd_ubus_handle_event(struct hos
+ 	if (req->ssi_signal)
+ 		blobmsg_add_u32(&b, "signal", req->ssi_signal);
+ 	blobmsg_add_u32(&b, "freq", hapd->iface->freq);
+	if (req->reassoc && req->mgmt_frame)
+		blobmsg_add_macaddr(&b, "origin", req->mgmt_frame->u.reassoc_req.current_ap);
+ 
+ 	if (req->elems) {
+ 		if(req->elems->ht_capabilities)
+@@ -1940,6 +1942,7 @@ void hostapd_ubus_notify(struct hostapd_
+ 	blob_buf_init(&b, 0);
+ 	blobmsg_add_macaddr(&b, "address", addr);
+ 	blobmsg_add_string(&b, "ifname", hapd->conf->iface);
+	blobmsg_printf(&b, "target", MACSTR, MAC2STR(hapd->conf->bssid));
+ 
+ 	ubus_notify(ctx, &hapd->ubus.obj, type, b.head, -1);
+ }
+@@ -1958,7 +1961,7 @@ void hostapd_ubus_notify_csa(struct host
+ }
+ 
+ 
+-void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta)
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta, int reassoc)
+ {
+ 	if (!hapd->ubus.obj.has_subscribers)
+ 		return;
+@@ -1975,6 +1978,9 @@ void hostapd_ubus_notify_authorized(stru
+ 		blobmsg_add_u32(&b, "", sta->bandwidth[1]);
+ 		blobmsg_close_array(&b, r);
+ 	}
+	if (reassoc)
+		blobmsg_add_macaddr(&b, "origin", sta->origin_ap);
+	blobmsg_printf(&b, "target", MACSTR, MAC2STR(hapd->conf->bssid));
+ 
+ 	ubus_notify(ctx, &hapd->ubus.obj, "sta-authorized", b.head, -1);
+ }
+--- a/src/ap/ubus.h
+++ b/src/ap/ubus.h
+@@ -22,6 +22,7 @@ struct hostapd_ubus_request {
+ 	const struct ieee802_11_elems *elems;
+ 	int ssi_signal; /* dBm */
+ 	const u8 *addr;
+	int reassoc;
+ };
+ 
+ struct hostapd_iface;
+@@ -49,7 +50,7 @@ void hostapd_ubus_remove_vlan(struct hos
+ 
+ int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
+ void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac);
+-void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta);
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta, int reassoc);
+ void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
+ 				       const u8 *addr, u8 token, u8 rep_mode,
+ 				       struct rrm_measurement_beacon_report *rep,
+--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
+@@ -1297,8 +1297,8 @@ const u8 * ap_sta_wpa_get_dpp_pkhash(str
+ }
+ 
+ 
+-void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+-			   int authorized)
+void _ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+			    int authorized, int reassoc)
+ {
+ 	const u8 *dev_addr = NULL;
+ 	char buf[100];
+@@ -1404,7 +1404,7 @@ void ap_sta_set_authorized(struct hostap
+ 					 dpp_pkhash, SHA256_MAC_LEN);
+ 		}
+ 
+-		hostapd_ubus_notify_authorized(hapd, sta);
+		hostapd_ubus_notify_authorized(hapd, sta, reassoc);
+ 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s%s",
+ 			buf, ip_addr, keyid_buf, dpp_pkhash_buf, alg_buf);
+ 
+@@ -1434,6 +1434,11 @@ void ap_sta_set_authorized(struct hostap
+ 	}
+ #endif /* CONFIG_FST */
+ }
+void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+			   int authorized)
+{
+	_ap_sta_set_authorized(hapd, sta, authorized, 0);
+}
+ 
+ 
+ void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
+--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
+@@ -102,6 +102,7 @@ struct sta_info {
+ 	struct sta_info *next; /* next entry in sta list */
+ 	struct sta_info *hnext; /* next entry in hash table list */
+ 	u8 addr[6];
+	u8 origin_ap[6];
+ 	be32 ipaddr;
+ 	struct dl_list ip6addr; /* list head for struct ip6addr */
+ 	u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */
+@@ -398,6 +399,9 @@ const u8 * ap_sta_wpa_get_dpp_pkhash(str
+ void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
+ 		       const u8 *addr, u16 reason);
+ 
+void _ap_sta_set_authorized(struct hostapd_data *hapd,
+			    struct sta_info *sta, int authorized,
+			    int reassoc);
+ void ap_sta_set_authorized(struct hostapd_data *hapd,
+ 			   struct sta_info *sta, int authorized);
+ static inline int ap_sta_is_authorized(struct sta_info *sta)
--- a/feeds/mediatek-sdk/hostapd/patches/t00-010-ft_refresh.patch
+++ b/feeds/mediatek-sdk/hostapd/patches/t00-010-ft_refresh.patch
@@ -0,0 +1,86 @@
+--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
+@@ -3152,6 +3152,8 @@ static int hostapd_config_fill(struct ho
+ 		bss->ft_over_ds = atoi(pos);
+ 	} else if (os_strcmp(buf, "ft_psk_generate_local") == 0) {
+ 		bss->ft_psk_generate_local = atoi(pos);
+	} else if (os_strcmp(buf, "ft_l2_refresh") == 0) {
+		bss->ft_l2_refresh = atoi(pos);
+ #endif /* CONFIG_IEEE80211R_AP */
+ #ifndef CONFIG_NO_CTRL_IFACE
+ 	} else if (os_strcmp(buf, "ctrl_interface") == 0) {
+--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
+@@ -401,6 +401,7 @@ struct hostapd_bss_config {
+ 	int pmk_r1_push;
+ 	int ft_over_ds;
+ 	int ft_psk_generate_local;
+	int ft_l2_refresh;
+ 	int r1_max_key_lifetime;
+ #endif /* CONFIG_IEEE80211R_AP */
+ 
+--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
+@@ -1495,6 +1495,28 @@ static void hostapd_request_radius_psk(v
+ #endif /* CONFIG_NO_RADIUS */
+ 
+ 
+static void wpa_ft_refresh(void *eloop_data, void *user_data)
+{
+	struct hostapd_data *hapd = eloop_data;
+	struct ft_rrb_frame *frame;
+	struct l2_ethhdr *buf;
+	size_t len;
+
+	len = sizeof(*buf) + sizeof(*frame);
+	buf = os_zalloc(len);
+	frame = (struct ft_rrb_frame *)(buf + 1);
+	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
+	frame->packet_type = FT_PACKET_REQUEST;
+	memset(buf->h_dest, 0xff, ETH_ALEN);
+	os_memcpy(buf->h_source, hapd->own_addr, ETH_ALEN);
+	buf->h_proto = host_to_be16(ETH_P_RRB);
+	l2_packet_send(hapd->l2, buf->h_dest, ETH_P_RRB, (u8 *) buf, len);
+	os_free(buf);
+
+	eloop_register_timeout(hapd->conf->ft_l2_refresh, 0, wpa_ft_refresh,
+			       hapd, NULL);
+}
+
+ int hostapd_setup_wpa(struct hostapd_data *hapd)
+ {
+ 	struct wpa_auth_config _conf;
+@@ -1640,6 +1662,9 @@ int hostapd_setup_wpa(struct hostapd_dat
+ 				   "Failed to open ETH_P_OUI interface");
+ 			return -1;
+ 		}
+
+		if (hapd->conf->ft_l2_refresh)
+			wpa_ft_refresh(hapd, NULL);
+ 	}
+ #endif /* CONFIG_IEEE80211R_AP */
+ 
+@@ -1655,7 +1680,6 @@ void hostapd_reconfig_wpa(struct hostapd
+ 	wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
+ }
+ 
+-
+ void hostapd_deinit_wpa(struct hostapd_data *hapd)
+ {
+ 	ieee80211_tkip_countermeasures_deinit(hapd);
+@@ -1679,6 +1703,7 @@ void hostapd_deinit_wpa(struct hostapd_d
+ 				   "information element from interface %s",
+ 				   hapd->conf->iface);
+ 		}
+
+ 	}
+ 	ieee802_1x_deinit(hapd);
+ 
+@@ -1687,6 +1712,7 @@ void hostapd_deinit_wpa(struct hostapd_d
+ 	hostapd_wpa_ft_rrb_rx_later(hapd, NULL); /* flush without delivering */
+ 	eloop_cancel_timeout(hostapd_oui_deliver_later, hapd, ELOOP_ALL_CTX);
+ 	hostapd_oui_deliver_later(hapd, NULL); /* flush without delivering */
+	eloop_cancel_timeout(wpa_ft_refresh, hapd, ELOOP_ALL_CTX);
+ 	l2_packet_deinit(hapd->l2);
+ 	hapd->l2 = NULL;
+ 	hostapd_wpa_unregister_ft_oui(hapd);
--- a/feeds/mediatek-sdk/hostapd/patches/t00-011-owe_ssid_update.patch
+++ b/feeds/mediatek-sdk/hostapd/patches/t00-011-owe_ssid_update.patch
@@ -0,0 +1,27 @@
+--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
+@@ -1995,6 +1995,13 @@ static int hostapd_owe_iface_iter(struct
+ 		    is_zero_ether_addr(bss->own_addr))
+ 			continue;
+ 
+		if (!os_memcmp(hapd->conf->owe_transition_bssid, bss->own_addr,
+			       ETH_ALEN) &&
+		    hapd->conf->owe_transition_ssid_len == bss->conf->ssid.ssid_len &&
+		    !os_memcmp(hapd->conf->owe_transition_ssid, bss->conf->ssid.ssid,
+			       bss->conf->ssid.ssid_len))
+			return 0;
+
+ 		os_memcpy(hapd->conf->owe_transition_bssid, bss->own_addr,
+ 			  ETH_ALEN);
+ 		os_memcpy(hapd->conf->owe_transition_ssid,
+@@ -2011,10 +2018,6 @@ static int hostapd_owe_iface_iter(struct
+ 
+ int hostapd_owe_trans_get_info(struct hostapd_data *hapd)
+ {
+-	if (hapd->conf->owe_transition_ssid_len > 0 &&
+-	    !is_zero_ether_addr(hapd->conf->owe_transition_bssid))
+-		return 0;
+-
+ 	/* Find transition mode SSID/BSSID information from a BSS operated by
+ 	 * this hostapd instance. */
+ 	if (!hapd->iface->interfaces ||
--- a/feeds/mediatek-sdk/hostapd/patches/t00-012-hostapd-Fix-DVLAN-802.1x-issue.patch
+++ b/feeds/mediatek-sdk/hostapd/patches/t00-012-hostapd-Fix-DVLAN-802.1x-issue.patch
@@ -0,0 +1,53 @@
+From 98b6503b87bb36bf2f5ae16e52e230e8870c867f Mon Sep 17 00:00:00 2001
+From: Venkat Chimata <venkata@shasta.cloud>
+Date: Fri, 28 Jun 2024 14:39:31 +0530
+Subject: [PATCH] hostapd: Fix DVLAN + 802.1x issue
+
+In case of swconfig switches, the basename of the interface should be based on the last dot.
+Earlier it was done based on the first dot, which would result in incorrect basename.
+For example if the interface name is eth0.4087 then the vlan->ifname would be eth0.4087.  (A dot at the end) .
+Before this patch, the basename was returned as eth0. It should be eth0.4087
+
+Also fixed the return code by adding a default value of 0 and removed an unncessary check
+for if_add before ubus add call.
+
+Signed-off-by: Venkat Chimata <venkata@shasta.cloud>
+---
+ src/ap/vlan_init.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/vlan_init.c b/src/ap/vlan_init.c
+index 3e27671..cfeb1e5 100644
+--- a/src/ap/vlan_init.c
+++ b/src/ap/vlan_init.c
+@@ -23,7 +23,8 @@ static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
+ 		       int existsok)
+ {
+ 	bool vlan_exists = iface_exists(vlan->ifname);
+-	int ret;
+	int ret = 0;
+
+ #ifdef CONFIG_WEP
+ 	int i;
+ 
+@@ -38,7 +39,7 @@ static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
+ #endif /* CONFIG_WEP */
+ 
+ 	if (!hapd->driver || !hapd->driver->if_add) {
+-		char *dot = strstr(vlan->ifname, ".");
+		char *dot = strrchr(vlan->ifname, '.');
+ 		if (dot)
+ 			*dot = '\0';
+ 		ret = 0;
+@@ -59,7 +60,7 @@ static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
+ 	if (hapd->wpa_auth)
+ 		ret = wpa_auth_ensure_group(hapd->wpa_auth, vlan->vlan_id);
+ 
+-	if (!ret && !vlan_exists && hapd->driver->if_add)
+	if (!ret && !vlan_exists)
+ 		hostapd_ubus_add_vlan(hapd, vlan);
+ 
+ 	if (ret == 0)
+-- 
+2.34.1
+
--- a/feeds/mediatek-sdk/hostapd/patches/zzz-radius-extended-avp.patch
+++ b/feeds/mediatek-sdk/hostapd/patches/zzz-radius-extended-avp.patch
@@ -0,0 +1,11 @@
+--- a/src/radius/radius.c
+++ b/src/radius/radius.c
+@@ -755,7 +755,7 @@ struct radius_attr_hdr * radius_msg_add_
+ 			ext->length = sizeof(*ext) + 1 + alen;
+ 			ext->ext_type = ext_type;
+ 			wpabuf_put_u8(msg->buf, data_len > alen ? 0x80 : 0);
+-			wpabuf_put_data(msg->buf, data, data_len);
+			wpabuf_put_data(msg->buf, data, alen);
+ 			data += alen;
+ 			data_len -= alen;
+ 			if (radius_msg_add_attr_to_array(
--- a/feeds/mediatek-sdk/hostapd/patches/zzz-roaming-key.patch
+++ b/feeds/mediatek-sdk/hostapd/patches/zzz-roaming-key.patch
@@ -0,0 +1,69 @@
+--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
+@@ -3154,6 +3154,8 @@ static int hostapd_config_fill(struct ho
+ 		bss->ft_psk_generate_local = atoi(pos);
+ 	} else if (os_strcmp(buf, "ft_l2_refresh") == 0) {
+ 		bss->ft_l2_refresh = atoi(pos);
+	} else if (os_strcmp(buf, "ft_key") == 0) {
+		strncpy(bss->ft_key, pos, sizeof(bss->ft_key));
+ #endif /* CONFIG_IEEE80211R_AP */
+ #ifndef CONFIG_NO_CTRL_IFACE
+ 	} else if (os_strcmp(buf, "ctrl_interface") == 0) {
+@@ -4996,8 +4998,22 @@ struct hostapd_config * hostapd_config_r
+ 
+ 	fclose(f);
+ 
+-	for (i = 0; i < conf->num_bss; i++)
+	for (i = 0; i < conf->num_bss; i++) {
+		if (*conf->bss[i]->ft_key) {
+			u8 buffer[128];
+			sprintf(buffer, "%02X:%02X:%02X:%02X:%02X:%02X %02X%02X%02X%02X%02X%02X %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
+			add_r0kh(conf->bss[i], buffer);
+			sprintf(buffer, "%02X:%02X:%02X:%02X:%02X:%02X %02X:%02X:%02X:%02X:%02X:%02X %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
+			add_r1kh(conf->bss[i], buffer);
+			sprintf(buffer, "ff:ff:ff:ff:ff:ff * %s", conf->bss[i]->ft_key);
+			add_r0kh(conf->bss[i], buffer);
+			sprintf(buffer, "00:00:00:00:00:00 00:00:00:00:00:00 %s", conf->bss[i]->ft_key);
+			add_r1kh(conf->bss[i], buffer);
+			hexstr2bin(conf->bss[i]->bssid, conf->bss[i]->r1_key_holder, FT_R1KH_ID_LEN); 
+			conf->bss[i]->r0_key_holder_bssid = 1;
+		}
+ 		hostapd_set_security_params(conf->bss[i], 1);
+	}
+ 
+ 	if (hostapd_config_check(conf, 1))
+ 		errors++;
+--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
+@@ -403,6 +403,7 @@ struct hostapd_bss_config {
+ 	int ft_psk_generate_local;
+ 	int ft_l2_refresh;
+ 	int r1_max_key_lifetime;
+	u8 ft_key[65];
+ #endif /* CONFIG_IEEE80211R_AP */
+ 
+ 	char *ctrl_interface; /* directory for UNIX domain sockets */
+--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
+@@ -390,6 +390,7 @@ struct hostapd_bss_config {
+ 	/* IEEE 802.11r - Fast BSS Transition */
+ 	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
+ 	u8 r1_key_holder[FT_R1KH_ID_LEN];
+	int r0_key_holder_bssid;
+ 	u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
+ 	int rkh_pos_timeout;
+ 	int rkh_neg_timeout;
+--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
+@@ -80,7 +80,10 @@ static void hostapd_wpa_auth_conf(struct
+ 	os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
+ 	os_memcpy(wconf->mobility_domain, conf->mobility_domain,
+ 		  MOBILITY_DOMAIN_ID_LEN);
+-	if (conf->nas_identifier &&
+	if (1 || conf->r0_key_holder_bssid) {
+		sprintf(wconf->r0_key_holder, "%02X%02X%02X%02X%02X%02X", MAC2STR(conf->bssid));
+		wconf->r0_key_holder_len = 12;
+	} else if (conf->nas_identifier &&
+ 	    os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
+ 		wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
+ 		os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
--- a/feeds/mediatek-sdk/hostapd/src/hostapd/radius.c
+++ b/feeds/mediatek-sdk/hostapd/src/hostapd/radius.c
@@ -431,6 +431,10 @@ radius_user_parse_methods(struct eap_user *eap, struct blob_attr *data)
 				eap->ttls_auth |= EAP_TTLS_AUTH_MSCHAPV2;
 				continue;
 			}
+			if (!strcmp(method, "MACACL")) {
+				eap->macacl = 1;
+				continue;
+			}
 		}
 		n++;
 	}
--- a/feeds/mediatek-sdk/hostapd/src/src/ap/ubus.c
+++ b/feeds/mediatek-sdk/hostapd/src/src/ap/ubus.c
@@ -276,24 +276,10 @@ hostapd_bss_get_clients(struct ubus_context *ctx, struct ubus_object *obj,
 			blobmsg_add_u8(&b, sta_flags[i].name,
 				       !!(sta->flags & sta_flags[i].flag));

-#ifdef CONFIG_MBO
-		blobmsg_add_u8(&b, "mbo", !!(sta->cell_capa));
-#endif
-
 		r = blobmsg_open_array(&b, "rrm");
 		for (i = 0; i < ARRAY_SIZE(sta->rrm_enabled_capa); i++)
 			blobmsg_add_u32(&b, "", sta->rrm_enabled_capa[i]);
 		blobmsg_close_array(&b, r);
-
-		r = blobmsg_open_array(&b, "extended_capabilities");
-		/* Check if client advertises extended capabilities */
-		if (sta->ext_capability && sta->ext_capability[0] > 0) {
-			for (i = 0; i < sta->ext_capability[0]; i++) {
-				blobmsg_add_u32(&b, "", sta->ext_capability[1 + i]);
-			}
-		}
-		blobmsg_close_array(&b, r);
-
 		blobmsg_add_u32(&b, "aid", sta->aid);
 #ifdef CONFIG_TAXONOMY
 		r = blobmsg_alloc_string_buffer(&b, "signature", 1024);
@@ -323,7 +309,7 @@ hostapd_bss_get_clients(struct ubus_context *ctx, struct ubus_object *obj,
 			blobmsg_add_u32(&b, "retries", sta_driver_data.tx_retry_count);
 			blobmsg_add_u32(&b, "failed", sta_driver_data.tx_retry_failed);
 			blobmsg_add_u32(&b, "signal", sta_driver_data.signal);
-
+		
 			r = blobmsg_open_table(&b, "mcs");
 			if (sta_driver_data.rx_hemcs) {
 				blobmsg_add_u32(&b, "he", 1);
@@ -353,7 +339,7 @@ hostapd_bss_get_clients(struct ubus_context *ctx, struct ubus_object *obj,
 				blobmsg_add_u32(&b, "tx", sta_driver_data.tx_mcs);
 			}
 			blobmsg_close_table(&b, r);
-
+		
 			if (sta->signal_mgmt)
 				blobmsg_add_u32(&b, "signal_mgmt", sta->signal_mgmt);
 		}
@@ -383,6 +369,32 @@ hostapd_bss_get_features(struct ubus_context *ctx, struct ubus_object *obj,
 	return 0;
 }

+/* Imported from iw/util.c
+ *  https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/tree/util.c?id=4b25ae3537af48dbf9d0abf94132e5ba01b32c18#n200
+ */
+int ieee80211_frequency_to_channel(int freq)
+{
+	/* see 802.11-2007 17.3.8.3.2 and Annex J */
+	if (freq == 2484)
+		return 14;
+	/* see 802.11ax D6.1 27.3.23.2 and Annex E */
+	else if (freq == 5935)
+		return 2;
+	else if (freq < 2484)
+		return (freq - 2407) / 5;
+	else if (freq >= 4910 && freq <= 4980)
+		return (freq - 4000) / 5;
+	else if (freq < 5950)
+		return (freq - 5000) / 5;
+	else if (freq <= 45000) /* DMG band lower limit */
+		/* see 802.11ax D6.1 27.3.23.2 */
+		return (freq - 5950) / 5;
+	else if (freq >= 58320 && freq <= 70200)
+		return (freq - 56160) / 2160;
+	else
+		return 0;
+}
+
 static int
 hostapd_bss_get_status(struct ubus_context *ctx, struct ubus_object *obj,
 		       struct ubus_request_data *req, const char *method,
@@ -417,12 +429,6 @@ hostapd_bss_get_status(struct ubus_context *ctx, struct ubus_object *obj,
 	blobmsg_add_u32(&b, "channel", channel);
 	blobmsg_add_u32(&b, "op_class", op_class);
 	blobmsg_add_u32(&b, "beacon_interval", hapd->iconf->beacon_int);
-#ifdef CONFIG_IEEE80211AX
-	blobmsg_add_u32(&b, "bss_color", hapd->iface->conf->he_op.he_bss_color_disabled ? -1 :
-					 hapd->iface->conf->he_op.he_bss_color);
-#else
-	blobmsg_add_u32(&b, "bss_color", -1);
-#endif

 	snprintf(phy_name, 17, "%s", hapd->iface->phy);
 	blobmsg_add_string(&b, "phy", phy_name);
@@ -523,6 +529,7 @@ hostapd_bss_del_client_cb(struct hostapd_iface *iface, void *ctx)

 	hwaddr_aton(blobmsg_data(tb[DEL_CLIENT_ADDR]), addr);

+	syslog(0, "blogic %s:%s[%d]\n", __FILE__, __func__, __LINE__);
 	for (i = 0; i < iface->num_bss; i++) {
 		struct hostapd_data *bss = iface->bss[i];

@@ -540,7 +547,7 @@ hostapd_bss_del_client(struct ubus_context *ctx, struct ubus_object *obj,
 	struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
 	struct sta_info *sta;
 	bool deauth = false, global = false;
-	int reason, ban_time = 0;
+	int reason, ban_time = 0;;
 	u8 addr[ETH_ALEN];

 	blobmsg_parse(del_policy, __DEL_CLIENT_MAX, tb, blob_data(msg), blob_len(msg));
@@ -560,9 +567,6 @@ hostapd_bss_del_client(struct ubus_context *ctx, struct ubus_object *obj,
 	if (tb[DEL_CLIENT_GLOBAL_BAN])
 		global = blobmsg_get_bool(tb[DEL_CLIENT_GLOBAL_BAN]);

-	if (tb[DEL_CLIENT_GLOBAL_BAN])
-		global = blobmsg_get_bool(tb[DEL_CLIENT_GLOBAL_BAN]);
-
 	sta = ap_get_sta(hapd, addr);
 	if (sta) {
 		if (deauth) {
@@ -575,7 +579,7 @@ hostapd_bss_del_client(struct ubus_context *ctx, struct ubus_object *obj,
 	}

 	if (tb[DEL_CLIENT_BAN_TIME]) {
-		ban_time = blobmsg_get_u32(tb[DEL_CLIENT_BAN_TIME]);
+		ban_time = blobmsg_get_u32(tb[DEL_CLIENT_BAN_TIME]); 
 		if (global)
 			hapd->iface->interfaces->for_each_interface(hapd->iface->interfaces, hostapd_bss_del_client_cb, tb);
 		else
@@ -844,11 +848,8 @@ hostapd_switch_chan(struct ubus_context *ctx, struct ubus_object *obj,
 				css.freq_params.sec_channel_offset,
 				chwidth, seg0, seg1,
 				iconf->vht_capab,
-				mode ? &mode->he_capab[IEEE80211_MODE_AP] :
-				NULL,
-				mode ? &mode->eht_capab[IEEE80211_MODE_AP] :
-				NULL);
-
+				mode ? &mode->he_capab[IEEE80211_MODE_AP] : NULL,
+                               mode ? &mode->eht_capab[IEEE80211_MODE_AP] : NULL);
 	for (i = 0; i < hapd->iface->num_bss; i++) {
 		struct hostapd_data *bss = hapd->iface->bss[i];

@@ -950,7 +951,6 @@ hostapd_rrm_print_nr(struct hostapd_neighbor_entry *nr)
 enum {
 	BSS_MGMT_EN_NEIGHBOR,
 	BSS_MGMT_EN_BEACON,
-	BSS_MGMT_EN_LINK_MEASUREMENT,
 #ifdef CONFIG_WNM_AP
 	BSS_MGMT_EN_BSS_TRANSITION,
 #endif
@@ -978,14 +978,6 @@ __hostapd_bss_mgmt_enable_f(struct hostapd_data *hapd, int flag)
 			WLAN_RRM_CAPS_BEACON_REPORT_ACTIVE |
 			WLAN_RRM_CAPS_BEACON_REPORT_TABLE;

-		if (bss->radio_measurements[0] & flags == flags)
-			return false;
-
-		bss->radio_measurements[0] |= (u8) flags;
-		return true;
-	case BSS_MGMT_EN_LINK_MEASUREMENT:
-		flags = WLAN_RRM_CAPS_LINK_MEASUREMENT;
-
 		if (bss->radio_measurements[0] & flags == flags)
 			return false;

@@ -1023,7 +1015,6 @@ __hostapd_bss_mgmt_enable(struct hostapd_data *hapd, uint32_t flags)
 static const struct blobmsg_policy bss_mgmt_enable_policy[__BSS_MGMT_EN_MAX] = {
 	[BSS_MGMT_EN_NEIGHBOR] = { "neighbor_report", BLOBMSG_TYPE_BOOL },
 	[BSS_MGMT_EN_BEACON] = { "beacon_report", BLOBMSG_TYPE_BOOL },
-	[BSS_MGMT_EN_LINK_MEASUREMENT] = { "link_measurement", BLOBMSG_TYPE_BOOL },
 #ifdef CONFIG_WNM_AP
 	[BSS_MGMT_EN_BSS_TRANSITION] = { "bss_transition", BLOBMSG_TYPE_BOOL },
 #endif
@@ -1052,8 +1043,6 @@ hostapd_bss_mgmt_enable(struct ubus_context *ctx, struct ubus_object *obj,
 	}

 	__hostapd_bss_mgmt_enable(hapd, flags);
-
-	return 0;
 }


@@ -1304,105 +1293,13 @@ hostapd_rrm_beacon_req(struct ubus_context *ctx, struct ubus_object *obj,
 	return 0;
 }

-enum {
-	LM_REQ_ADDR,
-	LM_REQ_TX_POWER_USED,
-	LM_REQ_TX_POWER_MAX,
-	__LM_REQ_MAX,
-};
-
-static const struct blobmsg_policy lm_req_policy[__LM_REQ_MAX] = {
-	[LM_REQ_ADDR] = { "addr", BLOBMSG_TYPE_STRING },
-	[LM_REQ_TX_POWER_USED] = { "tx-power-used", BLOBMSG_TYPE_INT32 },
-	[LM_REQ_TX_POWER_MAX] = { "tx-power-max", BLOBMSG_TYPE_INT32 },
-};
-
-static int
-hostapd_rrm_lm_req(struct ubus_context *ctx, struct ubus_object *obj,
-		   struct ubus_request_data *ureq, const char *method,
-		   struct blob_attr *msg)
-{
-	struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
-	struct blob_attr *tb[__LM_REQ_MAX];
-	struct wpabuf *buf;
-	u8 addr[ETH_ALEN];
-	int ret;
-	int8_t txp_used, txp_max;
-
-	txp_used = 0;
-	txp_max = 0;
-
-	blobmsg_parse(lm_req_policy, __LM_REQ_MAX, tb, blob_data(msg), blob_len(msg));
-
-	if (!tb[LM_REQ_ADDR])
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	if (tb[LM_REQ_TX_POWER_USED])
-		txp_used = (int8_t) blobmsg_get_u32(tb[LM_REQ_TX_POWER_USED]);
-
-	if (tb[LM_REQ_TX_POWER_MAX])
-		txp_max = (int8_t) blobmsg_get_u32(tb[LM_REQ_TX_POWER_MAX]);
-
-	if (hwaddr_aton(blobmsg_data(tb[LM_REQ_ADDR]), addr))
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	buf = wpabuf_alloc(5);
-	if (!buf)
-		return UBUS_STATUS_UNKNOWN_ERROR;
-
-	wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
-	wpabuf_put_u8(buf, WLAN_RRM_LINK_MEASUREMENT_REQUEST);
-	wpabuf_put_u8(buf, 1);
-	/* TX-Power used */
-	wpabuf_put_u8(buf, txp_used);
-	/* Max TX Power */
-	wpabuf_put_u8(buf, txp_max);
-
-	ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
-				      wpabuf_head(buf), wpabuf_len(buf));
-
-	wpabuf_free(buf);
-	if (ret < 0)
-		return -ret;
-
-	return 0;
-}
-
-
-void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len)
-{
-	const struct ieee80211_mgmt *mgmt = (const struct ieee80211_mgmt *) data;
-	const u8 *pos, *end;
-	u8 token;
-
-	end = data + len;
-	token = mgmt->u.action.u.rrm.dialog_token;
-	pos = mgmt->u.action.u.rrm.variable;
-
-	if (end - pos < 8)
-		return;
-
-	if (!hapd->ubus.obj.has_subscribers)
-		return;
-
-	blob_buf_init(&b, 0);
-	blobmsg_add_macaddr(&b, "address", mgmt->sa);
-	blobmsg_add_u16(&b, "dialog-token", token);
-	blobmsg_add_u16(&b, "rx-antenna-id", pos[4]);
-	blobmsg_add_u16(&b, "tx-antenna-id", pos[5]);
-	blobmsg_add_u16(&b, "rcpi", pos[6]);
-	blobmsg_add_u16(&b, "rsni", pos[7]);
-
-	ubus_notify(ctx, &hapd->ubus.obj, "link-measurement-report", b.head, -1);
-}
-

 #ifdef CONFIG_WNM_AP

 static int
 hostapd_bss_tr_send(struct hostapd_data *hapd, u8 *addr, bool disassoc_imminent, bool abridged,
 		    u16 disassoc_timer, u8 validity_period, u8 dialog_token,
-		    struct blob_attr *neighbors, u8 mbo_reason, u8 cell_pref, u8 reassoc_delay)
+		    struct blob_attr *neighbors)
 {
 	struct blob_attr *cur;
 	struct sta_info *sta;
@@ -1410,8 +1307,6 @@ hostapd_bss_tr_send(struct hostapd_data *hapd, u8 *addr, bool disassoc_imminent,
 	int rem;
 	u8 *nr = NULL;
 	u8 req_mode = 0;
-	u8 mbo[10];
-	size_t mbo_len = 0;

 	sta = ap_get_sta(hapd, addr);
 	if (!sta)
@@ -1463,37 +1358,8 @@ hostapd_bss_tr_send(struct hostapd_data *hapd, u8 *addr, bool disassoc_imminent,
 	if (disassoc_imminent)
 		req_mode |= WNM_BSS_TM_REQ_DISASSOC_IMMINENT;

-#ifdef CONFIG_MBO
-	u8 *mbo_pos = mbo;
-
-	if (mbo_reason > MBO_TRANSITION_REASON_PREMIUM_AP)
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	if (cell_pref != 0 && cell_pref != 1 && cell_pref != 255)
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	if (reassoc_delay > 65535 || (reassoc_delay && !disassoc_imminent))
-		return UBUS_STATUS_INVALID_ARGUMENT;
-
-	*mbo_pos++ = MBO_ATTR_ID_TRANSITION_REASON;
-	*mbo_pos++ = 1;
-	*mbo_pos++ = mbo_reason;
-	*mbo_pos++ = MBO_ATTR_ID_CELL_DATA_PREF;
-	*mbo_pos++ = 1;
-	*mbo_pos++ = cell_pref;
-
-	if (reassoc_delay) {
-		*mbo_pos++ = MBO_ATTR_ID_ASSOC_RETRY_DELAY;
-		*mbo_pos++ = 2;
-		WPA_PUT_LE16(mbo_pos, reassoc_delay);
-		mbo_pos += 2;
-	}
-
-	mbo_len = mbo_pos - mbo;
-#endif
-
 	if (wnm_send_bss_tm_req(hapd, sta, req_mode, disassoc_timer, validity_period, NULL,
-				dialog_token, NULL, nr, nr_len, mbo_len ? mbo : NULL, mbo_len))
+				dialog_token, NULL, nr, nr_len, NULL, 0))
 		return UBUS_STATUS_UNKNOWN_ERROR;

 	return 0;
@@ -1507,11 +1373,6 @@ enum {
 	BSS_TR_NEIGHBORS,
 	BSS_TR_ABRIDGED,
 	BSS_TR_DIALOG_TOKEN,
-#ifdef CONFIG_MBO
-	BSS_TR_MBO_REASON,
-	BSS_TR_CELL_PREF,
-	BSS_TR_REASSOC_DELAY,
-#endif
 	__BSS_TR_DISASSOC_MAX
 };

@@ -1523,11 +1384,6 @@ static const struct blobmsg_policy bss_tr_policy[__BSS_TR_DISASSOC_MAX] = {
 	[BSS_TR_NEIGHBORS] = { "neighbors", BLOBMSG_TYPE_ARRAY },
 	[BSS_TR_ABRIDGED] = { "abridged", BLOBMSG_TYPE_BOOL },
 	[BSS_TR_DIALOG_TOKEN] = { "dialog_token", BLOBMSG_TYPE_INT32 },
-#ifdef CONFIG_MBO
-	[BSS_TR_MBO_REASON] = { "mbo_reason", BLOBMSG_TYPE_INT32 },
-	[BSS_TR_CELL_PREF] = { "cell_pref", BLOBMSG_TYPE_INT32 },
-	[BSS_TR_REASSOC_DELAY] = { "reassoc_delay", BLOBMSG_TYPE_INT32 },
-#endif
 };

 static int
@@ -1544,9 +1400,6 @@ hostapd_bss_transition_request(struct ubus_context *ctx, struct ubus_object *obj
 	u32 dialog_token = 1;
 	bool abridged;
 	bool da_imminent;
-	u8 mbo_reason;
-	u8 cell_pref;
-	u8 reassoc_delay;

 	blobmsg_parse(bss_tr_policy, __BSS_TR_DISASSOC_MAX, tb, blob_data(msg), blob_len(msg));

@@ -1568,19 +1421,52 @@ hostapd_bss_transition_request(struct ubus_context *ctx, struct ubus_object *obj
 	da_imminent = !!(tb[BSS_TR_DA_IMMINENT] && blobmsg_get_bool(tb[BSS_TR_DA_IMMINENT]));
 	abridged = !!(tb[BSS_TR_ABRIDGED] && blobmsg_get_bool(tb[BSS_TR_ABRIDGED]));

-#ifdef CONFIG_MBO
-	if (tb[BSS_TR_MBO_REASON])
-		mbo_reason = blobmsg_get_u32(tb[BSS_TR_MBO_REASON]);
-
-	if (tb[BSS_TR_CELL_PREF])
-		cell_pref = blobmsg_get_u32(tb[BSS_TR_CELL_PREF]);
-
-	if (tb[BSS_TR_REASSOC_DELAY])
-		reassoc_delay = blobmsg_get_u32(tb[BSS_TR_REASSOC_DELAY]);
-#endif
-
 	return hostapd_bss_tr_send(hapd, addr, da_imminent, abridged, da_timer, valid_period,
-				   dialog_token, tb[BSS_TR_NEIGHBORS], mbo_reason, cell_pref, reassoc_delay);
+				   dialog_token, tb[BSS_TR_NEIGHBORS]);
+}
+
+enum {
+	WNM_DISASSOC_ADDR,
+	WNM_DISASSOC_DURATION,
+	WNM_DISASSOC_NEIGHBORS,
+	WNM_DISASSOC_ABRIDGED,
+	__WNM_DISASSOC_MAX,
+};
+
+static const struct blobmsg_policy wnm_disassoc_policy[__WNM_DISASSOC_MAX] = {
+	[WNM_DISASSOC_ADDR] = { "addr", BLOBMSG_TYPE_STRING },
+	[WNM_DISASSOC_DURATION] { "duration", BLOBMSG_TYPE_INT32 },
+	[WNM_DISASSOC_NEIGHBORS] { "neighbors", BLOBMSG_TYPE_ARRAY },
+	[WNM_DISASSOC_ABRIDGED] { "abridged", BLOBMSG_TYPE_BOOL },
+};
+
+static int
+hostapd_wnm_disassoc_imminent(struct ubus_context *ctx, struct ubus_object *obj,
+			      struct ubus_request_data *ureq, const char *method,
+			      struct blob_attr *msg)
+{
+	struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
+	struct blob_attr *tb[__WNM_DISASSOC_MAX];
+	struct sta_info *sta;
+	int duration = 10;
+	u8 addr[ETH_ALEN];
+	bool abridged;
+
+	blobmsg_parse(wnm_disassoc_policy, __WNM_DISASSOC_MAX, tb, blob_data(msg), blob_len(msg));
+
+	if (!tb[WNM_DISASSOC_ADDR])
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	if (hwaddr_aton(blobmsg_data(tb[WNM_DISASSOC_ADDR]), addr))
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	if (tb[WNM_DISASSOC_DURATION])
+		duration = blobmsg_get_u32(tb[WNM_DISASSOC_DURATION]);
+
+	abridged = !!(tb[WNM_DISASSOC_ABRIDGED] && blobmsg_get_bool(tb[WNM_DISASSOC_ABRIDGED]));
+
+	return hostapd_bss_tr_send(hapd, addr, true, abridged, duration, duration,
+				   1, tb[WNM_DISASSOC_NEIGHBORS]);
 }
 #endif

@@ -1715,8 +1601,8 @@ static const struct ubus_method bss_methods[] = {
 	UBUS_METHOD_NOARG("rrm_nr_list", hostapd_rrm_nr_list),
 	UBUS_METHOD("rrm_nr_set", hostapd_rrm_nr_set, nr_set_policy),
 	UBUS_METHOD("rrm_beacon_req", hostapd_rrm_beacon_req, beacon_req_policy),
-	UBUS_METHOD("link_measurement_req", hostapd_rrm_lm_req, lm_req_policy),
 #ifdef CONFIG_WNM_AP
+	UBUS_METHOD("wnm_disassoc_imminent", hostapd_wnm_disassoc_imminent, wnm_disassoc_policy),
 	UBUS_METHOD("bss_transition_request", hostapd_bss_transition_request, bss_tr_policy),
 #endif
 };
@@ -1758,7 +1644,7 @@ hostapd_wired_get_clients(struct ubus_context *ctx, struct ubus_object *obj,
 			blobmsg_add_u8(&b, sta_flags[i].name,
 				       !!(sta->flags & sta_flags[i].flag));

-			blobmsg_close_table(&b, c);
+		blobmsg_close_table(&b, c);
 	}
 	blobmsg_close_array(&b, list);
 	ubus_send_reply(ctx, req, b.head);
@@ -1814,21 +1700,21 @@ hostapd_wired_mac_auth(struct ubus_context *ctx, struct ubus_object *obj,
 {
 	struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj);
 	struct blob_attr *tb[__MAC_AUTH_MAX];
-	struct radius_sta rad_info;
+        struct radius_sta rad_info;
 	struct sta_info *sta;
 	u8 addr[ETH_ALEN];
 	int acl_res;
-
+	
 	blobmsg_parse(mac_auth_policy, __MAC_AUTH_MAX, tb, blob_data(msg), blob_len(msg));

 	if (hwaddr_aton(blobmsg_data(tb[MAC_AUTH_ADDR]), addr))
 		return UBUS_STATUS_INVALID_ARGUMENT;

-	acl_res = hostapd_allowed_address(hapd, addr, NULL, 0, &rad_info, 0);
-	if (acl_res == HOSTAPD_ACL_REJECT) {
-		wpa_printf(MSG_ERROR, "Ignore new peer notification\n");
-		return UBUS_STATUS_INVALID_ARGUMENT;
-	}
+        acl_res = hostapd_allowed_address(hapd, addr, NULL, 0, &rad_info, 0);
+        if (acl_res == HOSTAPD_ACL_REJECT) {
+                wpa_printf(MSG_ERROR, "Ignore new peer notification\n");
+                return UBUS_STATUS_INVALID_ARGUMENT;
+        }

 	return 0;
 }
@@ -1944,7 +1830,8 @@ ubus_event_cb(struct ubus_notify_request *req, int idx, int ret)
 {
 	struct ubus_event_req *ureq = container_of(req, struct ubus_event_req, nreq);

-	ureq->resp = ret;
+	if (!ureq->resp)
+		ureq->resp = ret;
 }

 int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req)
@@ -1977,6 +1864,7 @@ int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_req

 	blob_buf_init(&b, 0);
 	blobmsg_add_macaddr(&b, "address", addr);
+	blobmsg_add_string(&b, "ifname", hapd->conf->iface);
 	if (req->mgmt_frame)
 		blobmsg_add_macaddr(&b, "target", req->mgmt_frame->da);
 	if (req->ssi_signal)
@@ -2069,8 +1957,8 @@ void hostapd_ubus_notify_csa(struct hostapd_data *hapd, int freq)
 	ubus_notify(ctx, &hapd->ubus.obj, "channel-switch", b.head, -1);
 }

-void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
-				    const char *auth_alg)
+
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta)
 {
 	if (!hapd->ubus.obj.has_subscribers)
 		return;
@@ -2078,10 +1966,8 @@ void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *
 	blob_buf_init(&b, 0);
 	blobmsg_add_macaddr(&b, "address", sta->addr);
 	if (sta->vlan_id)
-		blobmsg_add_u32(&b, "vlan", sta->vlan_id);	
+		blobmsg_add_u32(&b, "vlan", sta->vlan_id);
 	blobmsg_add_string(&b, "ifname", hapd->conf->iface);
-	if (auth_alg)
-		blobmsg_add_string(&b, "auth-alg", auth_alg);
 	if (sta->bandwidth[0] || sta->bandwidth[1]) {
 		void *r = blobmsg_open_array(&b, "rate-limit");

@@ -2089,6 +1975,7 @@ void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *
 		blobmsg_add_u32(&b, "", sta->bandwidth[1]);
 		blobmsg_close_array(&b, r);
 	}
+
 	ubus_notify(ctx, &hapd->ubus.obj, "sta-authorized", b.head, -1);
 }

@@ -2114,7 +2001,6 @@ void hostapd_ubus_notify_beacon_report(
 	blobmsg_add_macaddr(&b, "bssid", rep->bssid);
 	blobmsg_add_u16(&b, "antenna-id", rep->antenna_id);
 	blobmsg_add_u16(&b, "parent-tsf", rep->parent_tsf);
-	blobmsg_add_u16(&b, "rep-mode", rep_mode);

 	ubus_notify(ctx, &hapd->ubus.obj, "beacon-report", b.head, -1);
 }
--- a/feeds/mediatek-sdk/hostapd/src/src/ap/ubus.h
+++ b/feeds/mediatek-sdk/hostapd/src/src/ap/ubus.h
@@ -48,8 +48,8 @@ void hostapd_ubus_add_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
 void hostapd_ubus_remove_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan);

 int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
-void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len);
 void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac);
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta);
 void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
 				       const u8 *addr, u8 token, u8 rep_mode,
 				       struct rrm_measurement_beacon_report *rep,
@@ -66,8 +66,7 @@ void hostapd_ubus_free(struct hapd_interfaces *interfaces);
 int hostapd_ubus_notify_bss_transition_query(
 	struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
 	const u8 *candidate_list, u16 candidate_list_len);
-void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
-				    const char *auth_alg);
+void hostapd_ubus_notify_csa(struct hostapd_data *hapd, int freq);

 #else

@@ -102,10 +101,6 @@ static inline int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct ho
 	return 0;
 }

-static inline void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len)
-{
-}
-
 static inline void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac)
 {
 }
@@ -143,13 +138,6 @@ static inline int hostapd_ubus_notify_bss_transition_query(
 {
 	return 0;
 }
-
-static inline void
-hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
-			       const char *auth_alg)
-{
-}
-
 #endif

 #endif
--- a/feeds/mediatek-sdk/hostapd/src/src/ap/ucode.c
+++ b/feeds/mediatek-sdk/hostapd/src/src/ap/ucode.c
@@ -9,6 +9,7 @@
 #include "ap_drv_ops.h"
 #include "dfs.h"
 #include "acs.h"
+#include "ieee802_11_auth.h"
 #include <libubox/uloop.h>

 static uc_resource_type_t *global_type, *bss_type, *iface_type;
@@ -51,7 +52,7 @@ hostapd_ucode_update_bss_list(struct hostapd_iface *iface, uc_value_t *if_bss, u
 	int i;

 	list = ucv_array_new(vm);
-	for (i = 0; i < iface->num_bss; i++) {
+	for (i = 0; iface->bss && i < iface->num_bss; i++) {
 		struct hostapd_data *hapd = iface->bss[i];
 		uc_value_t *val = hostapd_ucode_bss_get_uval(hapd);

@@ -255,6 +256,7 @@ uc_hostapd_bss_set_config(uc_vm_t *vm, size_t nargs)

 	hostapd_setup_bss(hapd, hapd == iface->bss[0], true);
 	hostapd_ucode_update_interfaces();
+	hostapd_owe_update_trans(iface);

 done:
 	ret = 0;
@@ -375,6 +377,7 @@ uc_hostapd_iface_add_bss(uc_vm_t *vm, size_t nargs)
 	conf->bss[idx] = NULL;
 	ret = hostapd_ucode_bss_get_uval(hapd);
 	hostapd_ucode_update_interfaces();
+	hostapd_owe_update_trans(iface);
 	goto out;

 deinit_ctrl:
@@ -603,6 +606,7 @@ out:

 		ieee802_11_set_beacon(hapd);
 	}
+	hostapd_owe_update_trans(iface);

 	return ucv_boolean_new(true);
 }
@@ -694,6 +698,7 @@ uc_hostapd_bss_rename(uc_vm_t *vm, size_t nargs)
 	hostapd_ubus_add_bss(hapd);

 	hostapd_ucode_update_interfaces();
+	hostapd_owe_update_trans(hapd->iface);
 out:
 	if (interfaces->ctrl_iface_init)
 		interfaces->ctrl_iface_init(hapd);
@@ -701,6 +706,113 @@ out:
 	return ret ? NULL : ucv_boolean_new(true);
 }

+int hostapd_ucode_sta_auth(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	char addr[sizeof(MACSTR)];
+	uc_value_t *val, *cur;
+	int ret = 0;
+
+	if (wpa_ucode_call_prepare("sta_auth"))
+		return 0;
+
+	uc_value_push(ucv_get(ucv_string_new(hapd->conf->iface)));
+
+	snprintf(addr, sizeof(addr), MACSTR, MAC2STR(sta->addr));
+	val = ucv_string_new(addr);
+	uc_value_push(ucv_get(val));
+
+	val = wpa_ucode_call(2);
+
+	cur = ucv_object_get(val, "psk", NULL);
+	if (ucv_type(cur) == UC_ARRAY) {
+		struct hostapd_sta_wpa_psk_short *p, **next;
+		size_t len = ucv_array_length(cur);
+
+		next = &sta->psk;
+		hostapd_free_psk_list(*next);
+		*next = NULL;
+
+		for (size_t i = 0; i < len; i++) {
+			uc_value_t *cur_psk;
+			const char *str;
+			size_t str_len;
+
+			cur_psk = ucv_array_get(cur, i);
+			str = ucv_string_get(cur_psk);
+			str_len = strlen(str);
+			if (!str || str_len < 8 || str_len > 64)
+				continue;
+
+			p = os_zalloc(sizeof(*p));
+			if (len == 64) {
+				if (hexstr2bin(str, p->psk, PMK_LEN) < 0) {
+					free(p);
+					continue;
+				}
+			} else {
+				p->is_passphrase = 1;
+				memcpy(p->passphrase, str, str_len + 1);
+			}
+
+			*next = p;
+			next = &p->next;
+		}
+	}
+
+	cur = ucv_object_get(val, "force_psk", NULL);
+	sta->use_sta_psk = ucv_is_truish(cur);
+
+	cur = ucv_object_get(val, "status", NULL);
+	if (ucv_type(cur) == UC_INTEGER)
+		ret = ucv_int64_get(cur);
+
+	ucv_put(val);
+	ucv_gc(vm);
+
+	return ret;
+}
+
+void hostapd_ucode_sta_connected(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	struct hostapd_sta_wpa_psk_short *psk = sta->psk;
+	char addr[sizeof(MACSTR)];
+	uc_value_t *val, *cur;
+	int ret = 0;
+
+	if (wpa_ucode_call_prepare("sta_connected"))
+		return;
+
+	uc_value_push(ucv_get(ucv_string_new(hapd->conf->iface)));
+
+	snprintf(addr, sizeof(addr), MACSTR, MAC2STR(sta->addr));
+	val = ucv_string_new(addr);
+	uc_value_push(ucv_get(val));
+
+	val = ucv_object_new(vm);
+	if (sta->psk_idx)
+		ucv_object_add(val, "psk_idx", ucv_int64_new(sta->psk_idx - 1));
+	if (sta->psk)
+		ucv_object_add(val, "psk", ucv_string_new(sta->psk->passphrase));
+	uc_value_push(ucv_get(val));
+
+	val = wpa_ucode_call(3);
+	if (ucv_type(val) != UC_OBJECT)
+		goto out;
+
+	cur = ucv_object_get(val, "vlan", NULL);
+	if (ucv_type(cur) == UC_INTEGER) {
+		struct vlan_description vdesc = {
+			.notempty = 1,
+			.untagged = ucv_int64_get(cur),
+		};
+
+		ap_sta_set_vlan(hapd, sta, &vdesc);
+		ap_sta_bind_vlan(hapd, sta);
+	}
+
+out:
+	ucv_put(val);
+}

 int hostapd_ucode_init(struct hapd_interfaces *ifaces)
 {
@@ -765,6 +877,34 @@ void hostapd_ucode_free_iface(struct hostapd_iface *iface)
 	wpa_ucode_registry_remove(iface_registry, iface->ucode.idx);
 }

+int hostapd_ucode_afc_request(struct hostapd_iface *iface, const char *request,
+			      char *buf, size_t len)
+{
+	uc_value_t *val;
+	size_t ret_len;
+	int ret = -1;
+
+	if (wpa_ucode_call_prepare("afc_request"))
+		return -1;
+
+	uc_value_push(ucv_get(ucv_string_new(iface->phy)));
+	uc_value_push(ucv_get(ucv_string_new(request)));
+	val = wpa_ucode_call(2);
+	if (ucv_type(val) != UC_STRING)
+		goto out;
+
+	ret_len = ucv_string_length(val);
+	if (ret_len >= len)
+		goto out;
+
+	memcpy(buf, ucv_string_get(val), ret_len + 1);
+	ret = (int)ret_len;
+
+out:
+	ucv_put(val);
+	return ret;
+}
+
 void hostapd_ucode_add_bss(struct hostapd_data *hapd)
 {
 	uc_value_t *val;
--- a/feeds/mediatek-sdk/hostapd/src/src/ap/ucode.h
+++ b/feeds/mediatek-sdk/hostapd/src/src/ap/ucode.h
@@ -23,9 +23,13 @@ int hostapd_ucode_init(struct hapd_interfaces *ifaces);

 void hostapd_ucode_free(void);
 void hostapd_ucode_free_iface(struct hostapd_iface *iface);
+int hostapd_ucode_sta_auth(struct hostapd_data *hapd, struct sta_info *sta);
+void hostapd_ucode_sta_connected(struct hostapd_data *hapd, struct sta_info *sta);
 void hostapd_ucode_add_bss(struct hostapd_data *hapd);
 void hostapd_ucode_free_bss(struct hostapd_data *hapd);
 void hostapd_ucode_reload_bss(struct hostapd_data *hapd);
+int hostapd_ucode_afc_request(struct hostapd_iface *iface, const char *request,
+			      char *buf, size_t len);

 #else

@@ -42,6 +46,13 @@ static inline void hostapd_ucode_free_iface(struct hostapd_iface *iface)
 static inline void hostapd_ucode_reload_bss(struct hostapd_data *hapd)
 {
 }
+static inline int hostapd_ucode_sta_auth(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	return 0;
+}
+static inline void hostapd_ucode_sta_connected(struct hostapd_data *hapd, struct sta_info *sta)
+{
+}
 static inline void hostapd_ucode_add_bss(struct hostapd_data *hapd)
 {
 }
--- a/feeds/mediatek-sdk/hostapd/src/src/utils/ucode.c
+++ b/feeds/mediatek-sdk/hostapd/src/src/utils/ucode.c
@@ -52,12 +52,12 @@ uc_value_t *uc_wpa_freq_info(uc_vm_t *vm, size_t nargs)
 	uc_value_t *sec = uc_fn_arg(1);
 	int width = ucv_uint64_get(uc_fn_arg(2));
 	int freq_val, center_idx, center_ofs;
-	enum oper_chan_width chanwidth;
 	enum hostapd_hw_mode hw_mode;
 	u8 op_class, channel, tmp_channel;
 	const char *modestr;
 	int sec_channel = 0;
 	uc_value_t *ret;
+	int chanwidth;

 	if (ucv_type(freq) != UC_INTEGER)
 		return NULL;
@@ -77,13 +77,13 @@ uc_value_t *uc_wpa_freq_info(uc_vm_t *vm, size_t nargs)

 	switch (width) {
 	case 0:
-		chanwidth = CONF_OPER_CHWIDTH_USE_HT;
+		chanwidth = CHANWIDTH_USE_HT;
 		break;
 	case 1:
-		chanwidth = CONF_OPER_CHWIDTH_80MHZ;
+		chanwidth = CHANWIDTH_80MHZ;
 		break;
 	case 2:
-		chanwidth = CONF_OPER_CHWIDTH_160MHZ;
+		chanwidth = CHANWIDTH_160MHZ;
 		break;
 	default:
 		return NULL;
--- a/feeds/mediatek-sdk/hostapd/src/wpa_supplicant/ucode.c
+++ b/feeds/mediatek-sdk/hostapd/src/wpa_supplicant/ucode.c
@@ -136,7 +136,6 @@ static uc_value_t *
 uc_wpas_add_iface(uc_vm_t *vm, size_t nargs)
 {
 	uc_value_t *info = uc_fn_arg(0);
-	uc_value_t *driver = ucv_object_get(info, "driver", NULL);
 	uc_value_t *ifname = ucv_object_get(info, "iface", NULL);
 	uc_value_t *bridge = ucv_object_get(info, "bridge", NULL);
 	uc_value_t *config = ucv_object_get(info, "config", NULL);
@@ -155,22 +154,6 @@ uc_wpas_add_iface(uc_vm_t *vm, size_t nargs)
 		.ctrl_interface = ucv_string_get(ctrl),
 	};

-	if (driver) {
-		const char *drvname;
-		if (ucv_type(driver) != UC_STRING)
-			goto out;
-
-		iface.driver = NULL;
-		drvname = ucv_string_get(driver);
-		for (int i = 0; wpa_drivers[i]; i++) {
-			if (!strcmp(drvname, wpa_drivers[i]->name))
-				iface.driver = wpa_drivers[i]->name;
-		}
-
-		if (!iface.driver)
-			goto out;
-	}
-
 	if (!iface.ifname || !iface.confname)
 		goto out;